Microsoft Patches a Record 570 Security Flaws
5 hours ago
- #Patch Tuesday
- #Microsoft Security
- #AI Vulnerabilities
- Microsoft released patches for over 570 security vulnerabilities in July 2024, nearly triple the count from the previous month.
- Nearly 60 vulnerabilities were rated critical, including three zero-days already exploited in the wild.
- Two zero-days and around 250 other flaws involve privilege escalation, such as CVE-2026-56155 and CVE-2026-56164.
- CVE-2026-50661 is a BitLocker bypass flaw allowing access to encrypted data with physical device access, though not actively exploited.
- Microsoft attributes the surge in patches to AI accelerating vulnerability discovery across more code.
- CVE-2026-48561 is a critical remote code execution flaw in Microsoft Copilot, exploitable via malicious websites targeting Edge for Android.
- AI is also helping attackers create exploits faster, challenging Microsoft's exploitability index, which is based on human speed.
- Other software vendors like Adobe, Cisco, Mozilla, Oracle, and Google are also increasing patch frequency, partly due to AI.
- Users are advised to back up data and delay patch installation to avoid potential stability issues from the high volume of updates.
- Commentary suggests AI's brute-force analysis reveals long-hidden bugs in vast, complex codebases, but patches may introduce new issues.