Yesterday was the second Tuesday in February, known in the tech world as Patch Tuesday. Microsoft distributes cumulative security updates on the second Tuesday of each month, and today's was one of the largest ever, containing nearly 100 individual patches.

In all, there are 99 patches, but if you want to count Windows 7 patches available only to companies that have paid for extended support, the total number exceeds 100. In any case, this is a relatively large rollout (I don't know that there have ever been this many).

With so many fixes planned, the update can't come soon enough. I am assuming that the update will not cause major problems, let alone solve them. I applied it to my daily driver, a Windows 10 PC with a pair of RAID 0 SATA-SSDs (yes, I am reckless), and it took less than a minute from start to finish (including reboot).

Many patches have been applied to Windows 10, but not all apply to Windows 10. One of the more notable fixes is CVE-2020-0674, which addresses a zero-day vulnerability in Internet Explorer. If left unpatched, an attacker could gain full control of a target's system if they visit a compromised website using IE. According to Trend Micro, this security flaw could also be exploited outside of IE.

"Even if you are not using IE, you may be affected by this bug through objects embedded in Office documents. Considering that the listed workaround (disabling jscript.dll) breaks a significant amount of functionality, testing and deployment of this patch should be a priority," said Trend Micro.

Of the 99 vulnerabilities addressed in the latest update, 12 are rated "critical." One of them falls under Microsoft's Secure Boot security feature designed to prevent malware from being loaded during startup. [A bug in this security feature bypass allows attackers to bypass the Secure Boot feature and load untrusted software on affected systems. This is one of the known bugs that will be patched this month. While this is certainly a bug that should be scrutinized, it is made worse by the non-standard patching process. This month's servicing stack must be applied first, followed by the installation of additional stand-alone security updates; if Windows Defender Credential Guard (virtual secure mode) is enabled, two additional reboots are required The following are all affected third-party applications. All of this is necessary to block the affected third-party bootloaders," noted Trend Micro.

Another point worth noting is the patch for Microsoft's Edge browser, which uses Chromium (the same engine as Google's Chrome browser). Microsoft's first update since it released Edge to the public last month fixed 41 vulnerabilities, and according to ThreatPost, these are not strictly part of Patch Tuesday. However, they were released at the same time, which means that 140 patches will be released this week.