Microsoft’s biggest Patch Tuesday kills 99 cyber security bugs

Tuesday marked the release of the February 2020 Patch Tuesday, a cyber security update that fixes a total of 99 cyber security bugs.

This is the biggest Patch Tuesday to date.

One of the highlights from this month’s patch bundle is the fix for CVE-2020-0674, a zero-day vulnerability that was present in Microsoft Explorer.

Although Microsoft knew about this for at least a month or more, at the time, the company did not release a patch.

It is, however, featured in this month’s security updates.

Out of the remaining 98 updates, 11 were rated as critical – the highest rating available.

To provide an overview, most of the bug fixes address memory corruption and remote code execution problems.

These were present in services such as LNK files, the IE scripting engine, the Media Foundation component, and the Remote Desktop Protocol service.

Another security flaw worth noting concerns Microsoft Exchange 2018 and 2019.

If left unpatched, an attacker could execute arbitrary code on the victim’s computer by sending out a specially crafted email to the victim that exploits the Exchange Server.

This particular vulnerability goes by the name of CVE-2020-0688 and is rated as ‘important’ rather than ‘critical’.

Despite this, Allan Liska, intelligence analyst at Recorded Future, judges it to be more serious than it looks, because Microsoft labelled this one as likely to be exploited.

This month’s update may be record-breaking in terms of size, but the previous month’s bug fixes were more dire in comparison.

Either way, critical security updates can allow an attacker to gain complete control over your system, so you are advised to avoid further delays and install the patch as soon as possible.

Since there is no other way to install them but to accept them all in bulk, be prepared for the process to take a while.