Two elevation-of-privilege bugs that have been exploited in the wild are at the heart of September s Patch Tuesday update from Microsoft. The two EoP vulnerabilities under active attack consist of CVE-2019-1214, which exists in the Windows Common Log File System (CLFS) Driver. The other bug has only been seen targeting older operating systems, according to Microsoft. In all, Microsoft patched 79 CVEs in September, a full 17 are listed as critical in severity, 62 are important, and one is listed as moderate in severity.
Source: https://threatpost.com/microsoft-addresses-two-zero-days-under-active-attack/148185/