Microsoft kills critical bugs in delayed Patch Wednesday

Microsoft today released a slew of highly anticipated security updates to handle critical vulnerabilities in Windows and other applications, after delaying last month's bundle of patches.

Multiple critical vulnerabilities in the Internet Explorer and Edge web browsers have been patched in the March set of updates. The browser vulnerabilities can be abused for remote code execution, and affect all versions of Windows.

A remote code execution vulnerability in Adobe Flash Player - rated as critical for Windows clients and WIndows Server 2016, but moderate for Windows Server 2012 - is also patched this month.

Critical remote code execution holes in the Windows PDF library and Uniscribe tool are closed with the March update, along with similar vulnerabilities in Microsoft Office, Outlook Web Access on Exchange Server, and the Hyper-V hypervisor.

Microsoft plugged five different remote code execution vulnerabilities in the way Windows handles the Server Message Block version 1.0 file sharing protocol requests from clients. 

Another vulnerability that could be exploited with a malicious SMB v1.0 packet and enable information disclosure from the server has also been taken care of in the March update. Microsoft said it is not aware of any exploits for the above vulnerabilites.

However, exploit code has been published for a memory corruption bug that can be triggered by a malicious SMB share on a server, and crash Windows clients.

The exploit was made public in early February and has remained unpatched until now.

A further nine security bulletins rated as important were also published by Microsoft, detailing now-patched vulnerabilities that allow for remote code execution, privilege escalation, and information disclosure in Windows and other Microsoft applications.