Meanwhile, two exploited Exchange flaws that publicly emerged two weeks ago were not addressed in Microsoft’s update.
The vulnerability in the Windows Common Log File system could allow an authenticated attacker to execute code with elevated privileges.
Attackers were attempting to exploit the flaw to distribute the Emotet, Trickbot and Bazaloader malware.
The Exchange Server flaw is one of 55 vulnerabilities fixed in Microsoft's Patch Tuesday update.
Microsoft issued a fix for a use-after-free Windows vulnerability that was being leveraged in attacks, as part of its October Patch Tuesday roundup.