Security News > 2020 > March > Microsoft leaves critical bug unpatched on Patch Tuesday
Microsoft fixed bugs across a range of products on March's Patch Tuesday, releasing patches for 115 distinct CVEs, with 26 rated critical.
The critical bug that cropped up in the most CVEs was in ChakraCore, the scripting engine that handles just-in-time compilation for its browsers.
Microsoft detailed a similar object memory handling bug in Edge itself, along with four other similar CVEs in various areas of Internet Explorer 11 that included a bug in its VBScript engine.
A flaw in the Windows Graphics Device Interface enables an attacker to control the system with full user rights; and a memory corruption bug in Windows Media Foundation, which is a COM-based multimedia framework pipeline and infrastructure platform for digital media in Windows.
One thing that wasn't fixed in the collection of patches was a critical bug in Microsoft SMB servers that is triggered by a maliciously crafted data packet.
News URL
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)