Artificial IntelligenceCybersecurityNewswireTechnologyWhat's Buzzing

Microsoft patches record number of security flaws, cites AI role

▼ Summary

– Microsoft released a record 570 security patches for Windows, Office, and other products, citing AI’s role in discovering code vulnerabilities.
– At least two zero-day vulnerabilities were patched, one affecting Windows Server (privilege escalation) and another affecting SharePoint (actively exploited by hackers).
– The massive patch update aligns with Microsoft’s earlier prediction of higher patch volumes due to AI helping uncover previously undiscovered security bugs.
– Windows boss Pavan Davuluri stated that as AI helps defenders discover more issues, customers will see a higher volume of security updates in each release.
– Security researchers are using advanced AI models to uncover vulnerabilities that may have been dormant in software code, including parts of Microsoft’s Windows code dating back decades.

Microsoft issued its largest-ever batch of security patches this week, deploying fixes for 570 vulnerabilities across Windows, Office, and other product lines. The company attributes this surge directly to AI-powered vulnerability detection, which has drastically increased the number of discovered flaws.

The technology and cloud giant released these fixes on Tuesday as part of its long-standing monthly update cycle, known to security researchers as Patch Tuesday.” Among the vulnerabilities addressed, at least two are classified as zero-day exploits, meaning malicious actors had already weaponized them before Microsoft learned of the flaws. One critical bug in Windows Server allows attackers to elevate their privileges from a limited user account to full system administrator access. Another flaw resides in the SharePoint file sharing server; the U. S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are actively exploiting this bug to compromise organizational networks.

This record-breaking update arrives just one week after Microsoft published a blog post forecasting a significant increase in its monthly patch volumes. The company explicitly cited its use of artificial intelligence to help engineers uncover previously hidden security bugs in its software. “As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” explained Pavan Davuluri, Microsoft’s head of Windows.

As AI models grow more sophisticated and increasingly specialized for cybersecurity tasks, researchers are now using them to surface vulnerabilities that have lain dormant in software code for years, sometimes even decades. Much of Microsoft’s Windows codebase dates back to the 1990s, making it a fertile ground for long-hidden flaws that modern AI tools can now efficiently identify.

(Source: TechCrunch)

Topics

microsoft patch tuesday 95% ai vulnerability discovery 92% zero-day exploits 88% windows server flaws 85% sharepoint vulnerabilities 83% cybersecurity threats 80% cisa warnings 78% software patch volume 76% legacy code security 74% security researcher tools 72%