This month's Windows security update may be the biggest ever with 99 fixes

Yesterday was the second Tuesday of February, or as it's often referred to in tech circles, Patch Tuesday. Microsoft doles out a cumulative security update every second Tuesday of the month, and today's is one of the biggest ever, if not the largest, with nearly 100 individual patches.

There are 99 in all, though if you want to count a handful of Windows 7 patches that are only available to businesses paying for extended support, the total number jumps past 100. Either way, this a comparatively massive roll out (I'm not aware of there ever being this many before).

With so many fixes inbound, it's a good idea to update sooner than later. That's assuming there are no major issues caused by the update, rather than solved—I've not seen anything yet, but it's also early. I applied it to my daily driver, a Windows 10 PC with a pair of SATA-SSDs in RAID 0 (yes, I'm reckless), and from start to finish (including a reboot) it took under a minute.

Not all of the patches are applicable to Windows 10, though many of them are. One of the more notable fixes is CVE-2020-0674, which addresses a zero-day vulnerability in Internet Explorer. Left unpatched, visiting a compromised website with IE could result in an attacker being able to take full control of a target system. According to Trend Micro, this security flaw can also be exploited outside of IE.

"Even if you don’t use IE, you could still be affected by this bug though embedded objects in Office documents. Considering the listed workaround—disabling jscript.dll—breaks a fair amount of functionality, you should prioritize the testing and deployment of this patch," Trend Micro says.

Out of the 99 vulnerabilities addressed with the latest update, a dozen are rated as Critical. One them applies to Microsoft's Secure Boot security feature designed to prevent malware from loading during start-up.

"This security feature bypass bug could allow attackers to circumvent the Secure Boot feature and load untrusted software on an affected system. This is one of the publicly known bugs being patched this month. While this is certainly a bug to scrutinize, it’s compounded by a non-standard patching process. This month’s servicing stack must first be applied, then additional standalone security updates need to be installed. If you have the Windows Defender Credential Guard (Virtual Secure Mode) enabled, you’ll need to go through two additional reboots as well. All this is needed to block impacted third-party bootloaders," Trend Micro notes.

The other thing of note is a round of patches for Microsoft's retooled Edge browser, which is now powered by Chromium (the same engine powering Google's own Chrome browser). Microsoft dished up its first round of updates for Edge since its public release last month, with fixes for 41 vulnerabilities. According to ThreatPost, these are technically not part of Patch Tuesday. They're out at the same time, though, so we're really looking at 140 patches this week.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).

Latest in Windows
Microsoft Copilot
A rather pleasing Windows 11 update bug automatically uninstalls Copilot and unpins it from the taskbar, which is jolly nice of it
Microsoft's Task Manager in Windows 11
After years of complaints about Windows Task Manager displaying CPU utilization incorrectly, a fix is finally on its way
Microsoft Windows 11
The latest Windows 11 dev build gives you the ability to snap together commonly paired apps for access in a single click, and I'm already sold
Windows 11's new emoji button in the taskbar.
You might mock Microsoft's new emoji button in Windows 11 but as someone that's explained how to quickly access emojis and special characters too many times, I get it
Windows 10 operating system logo is displayed on a laptop screen for illustration photo. Gliwice, Poland on January 23, 2022.
Valve's monthly survey reveals that almost 45% of Steam users on PC are still using Windows 10 even with the sword of Damocles hanging over them
Microsoft Windows 11
If you installed Windows 11 with certain security updates and a USB stick, you may not get any more security updates warns Microsoft
Latest in News
A mech awakens.
Mecha Break developer is considering unlocking all mechs following open beta feedback
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm
The heroes are attacked by monsters
Pillars of Eternity is getting turn-based combat to mark its 10th anniversary, and that means PC Gamer editors will soon be arguing about combat mechanics again
Image of Ronaldo from Fatal Fury: City of the Wolves trailer
It doesn't really make sense that soccer star Ronaldo is now a Fatal Fury character, but if you follow the money you can see how it happened
Junah beginning a battle in Metaphor: ReFantazio.
Today's RPG fans are 'very sensitive to feeling like they wasted time' when they die, says Metaphor: ReFantazio battle planner—but Atlus still made combat hard anyway