Security News > 2020 > March > Microsoft leaves critical bug unpatched on Patch Tuesday
Microsoft fixed bugs across a range of products on March's Patch Tuesday, releasing patches for 115 distinct CVEs, with 26 rated critical.
The critical bug that cropped up in the most CVEs was in ChakraCore, the scripting engine that handles just-in-time compilation for its browsers.
Microsoft detailed a similar object memory handling bug in Edge itself, along with four other similar CVEs in various areas of Internet Explorer 11 that included a bug in its VBScript engine.
A flaw in the Windows Graphics Device Interface enables an attacker to control the system with full user rights; and a memory corruption bug in Windows Media Foundation, which is a COM-based multimedia framework pipeline and infrastructure platform for digital media in Windows.
One thing that wasn't fixed in the collection of patches was a critical bug in Microsoft SMB servers that is triggered by a maliciously crafted data packet.
News URL
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)