Security News > 2020 > March > Microsoft leaves critical bug unpatched on Patch Tuesday
Microsoft fixed bugs across a range of products on March's Patch Tuesday, releasing patches for 115 distinct CVEs, with 26 rated critical.
The critical bug that cropped up in the most CVEs was in ChakraCore, the scripting engine that handles just-in-time compilation for its browsers.
Microsoft detailed a similar object memory handling bug in Edge itself, along with four other similar CVEs in various areas of Internet Explorer 11 that included a bug in its VBScript engine.
A flaw in the Windows Graphics Device Interface enables an attacker to control the system with full user rights; and a memory corruption bug in Windows Media Foundation, which is a COM-based multimedia framework pipeline and infrastructure platform for digital media in Windows.
One thing that wasn't fixed in the collection of patches was a critical bug in Microsoft SMB servers that is triggered by a maliciously crafted data packet.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)