A total of 55 vulnerabilities were patched during Microsoft’s Patch Tuesday release, three of which were zero day flaws.

The three critical vulnerabilities discovered by FireEye researchers are actively under attack by cyberespionage groups, according to a report by Threat Post. While two of the zero day vulnerabilities – CVE-2017-0261 and CVE-2017-0262 – were remote executive flaws tied to the company’s Office suite, the third zero day bug is an escalation of privilege flaw (CVE-2017-0263).

FireEye researchers have indicated that CVE-2017-0261 has been exploited since March by a financially-motivated Russian cyber gang dubbed Turla, according to a CSO Online report. CVE-2017-0262 was leveraged by infamous Russian cyberespionage group Fancy Bear.

The remaining vulnerabilities impact the company’s Windows, Office, Edge, Internet Explorer, and malware protection engine products, according to May’s security advisory