The batch includes security update to addresses 27 critical and 54 important vulnerabilities, of which 39 could lead to Remote Code Execution (RCE) in Microsoft products.

Microsoft has just released the September Patch Tuesday , a huge batch of security updates to address 81 vulnerabilities in almost any supported versions of Windows and other MS products.

The September Patch Tuesday addresses vulnerabilities in the following Microsoft products:

Internet Explorer

Microsoft Edge

Microsoft Windows

.NET Framework

Skype for Business and Lync

Microsoft Exchange Server

Microsoft Office, Services, and Web Apps

Adobe Flash Player

Some of the vulnerabilities have already been actively exploited by the attackers in the wild such as:

Windows .NET Framework Remote Code Execution (CVE-2017-8759) – It is a zero-day vulnerability that affects the way Microsoft .NET Framework processes untrusted input data.

The flaw could be exploited by an attacker to take full control of the vulnerable system simply by tricking victims into opening a specially crafted document or application sent over an email. The attacker can trigger the issue to create new accounts with full user rights.

According to FireEye, the CVE-2017-8759 has actively been exploited by an APT group to deliver the surveillance malware FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July.

It was privately reported by security firm FireEye.