In the most recent Patch Tuesday, Microsoft released fixes 66 CVEs, including an RCE bug under active attack. Three of the bugs that were patched in the update were rated critical. One of which has been under active attack for nearly two weeks. One of the other bugs included in the update is listed as publicly known but has not yet been exploited. Security researchers called the latest update a “light” Patch Tuesday.

Other flaws in Microsoft Windows, Windows components, Microsoft Edge, Azure Office, and Office Components were patched. Of the 66 flaws patched, three are rated critical, 62 are important, and one is rated moderate in severity. This marks the seventh month this year that Microsoft has patched less than 100 CVEs in its monthly security update.

Read More: Microsoft Patches Actively Exploited Windows Zero-Day Bug