tech_surveillance1482 wordsRead on Arc Codex

Microsoft Patches a Record 570 Security Flaws

Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild. Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include CVE-2026-56155 — an Active Directory Federation Services bug — and CVE-2026-56164, a Microsoft Sharepoint vulnerability. CVE-2026-50661 is a security feature bypass in Windows BitLocker that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation. In a blog post on July 9, Microsoft Executive Vice President Pavan Davuluri wrote that Windows users will notice “a higher volume of security updates included in each security release” as a result of AI aiding in the discovery of vulnerabilities. “The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Davuluri wrote. Jack Bicer, director of vulnerability research at Action1, called attention to CVE-2026-48561, a remote code execution flaw in Microsoft Copilot (with a 9.6 CVSS threat score) that allows an unauthorized attacker to execute code over the network. Microsoft says an attacker could exploit this bug by hosting a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the site. As AI advances the state of vulnerability discovery and remediation, it is also making it easier for attackers to quickly devise working exploits for known software flaws. Microsoft has long labeled security bugs using its “exploitability index,” which is Redmond’s best guess as to how likely it is that attackers will be able to figure out a reliable way to exploit a given vulnerability. But Satnam Narang, senior staff research engineer at Tenable, argues that Microsoft’s exploitability index needs to do a better job of shifting with the machine speed of discovery. For example, Microsoft originally gave this month’s SharePoint zero-day an exploitability rating of “less likely,” although the flaw was added to CISA’s Known Exploited Vulnerabilities list on July 1. “Anthropic’s Red Team’s own findings for known vulnerabilities (n-days) revealed how fragile this system has become, with its Mythos Preview model being able to produce proof-of-concept exploits for 13 of 14 vulnerabilities that were rated ‘Exploitation Less Likely’ or ‘Exploitation Unlikely,'” Narang said. “What this means is that our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools, and as these tools continue to improve, defense needs to improve alongside it.” Chris Goettl at Ivanti observed that the record patch numbers from Microsoft come as a number of other major software makers are increasing their patch cadence, including Adobe which announced today it is moving to twice-monthly security bulletins published on the 2nd and 4th Tuesday of each month (Adobe also cited AI for accelerating their patch cycles). Cisco, Mozilla and Oracle also are shipping updates more frequently, while Google’s patch batches in June 2026 totaled more than 900 security fixes, Goettl noted. Backing up your Windows system and/or data is always a good idea before applying operating system updates. Given the volume of patches addressed this month it may be wise for end users to wait a few days before applying these fixes. It’s not uncommon for security patches to introduce system stability issues, and those chances probably increase quite a bit with the gigantic patch count released today. Further reading: Still as confused as before … how could there be 570 flaws if Microsoft engineers are the ones doing the programming ? Is it carelessness or intentional ? programming without bugs is between hard and impossible security is an adversarial task, so bugs will be fund Because much of this has existed for years, subtle mistakes made in various different ways that are not so obvious when created as they are when researched. Consider that this spans different languages, generations of people, billions of lines of code. NO one person on earth can simply open and view it all. Ai is digging it out by brute force analytics that did not exist when most of it was written. Try to butter some bread without crumbs coming off and then get back to me. Humans are flawed creatures! Those aren’t the only options, extraordinarily confused person. An old joke about programming seems appropriate: “Every program has at least one bug and can be shortened by at least one instruction – from which, by induction, one can deduce that every program can be reduced to one instruction which doesn’t work.” Appreciate the coverage man! This month was a monster! How many of these AI discovered bugs are not really bugs/holes etc., but the fixes will create new, unforeseen problems? None. Many of the vulnerabilities are from chaining from one weakness to another. It takes humans time to do this, but AI does this much faster. Given literally decades of work fixing stability bugs in the Microsoft codebase, it is not surprising these security bugs get now found. It will likely take many of these cycles. And as noted, new defects will be introduced. Scrub scrub scrub! Nothing interesting to me this Patch Tuesday. Still the same old crap. Good write-up, as per usual. Tired of these sorts of small AI-located bugs still being counted as some sort to pump up numbers, I assume, when they are basically just bugs not flaws. My only MS system showed no improvement. So, your usual Patch Tuesday. It has improved security. Yawn. “Microsoft also addressed three zero-day flaws that are already being exploited in the wild.” CVE-2026-50661, according to Microsoft is: Publicly disclosed: Yes Exploited: No Exploitability assessment: Exploitation Less Likely https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-50661 If Microsoft used AI to write a complete Windows replacement OS fresh from the ground up, it would have almost zero security holes, require a lot less maintenance and would do away with tens of thousands of human coding and QA jobs inside Microsoft, meaning more profits for the investors! I have done it myself on a local LLM. It is running great (only 100MB in memory) and I think it is very secure. And because it is so great, it doesn’t require maintenance at all! Finally built out that qemu win 3.11/wfw instance with stripped out UI? They should probably go back to their origins and build from win 98 and windows 2000, perhaps windows XP, and drop any lineage post win 7. Let AI slug it out instead of plopping it down with win 10/win 11. Sincerely, that is a better option. I feel like we are not grasping the differences between how we code vs how AI code vs how Ai code vs how Dimon might code. I don’t wanna think about Dimon vibe coding. Thinking about Gates vibe coding suddenly sounds kind of fascinating, though. I do wonder how rich ex developers would vibe code now. I worry about how AI might be interested in how we all vibe code differently. Not so scary locally, damn creepy as a communistic concept. Hoping MS never patches any of my personal bugs/flaws. I am guessing those models are taking notes on the catwalk. :/ Nonsense. It would be just another one of their expensive fiascos. LLM code generators don’t know secure from insecure, just what they’re trained on. That’s why what drew my eye in Brian’s article was the mention of the “remote code execution flaw in Microsoft Copilot”. Mindless AI shovelware creates more problems than it’ll ever solve. An OS based on it would be a nightmare. AI… Are you AI or not? Great article and important reminder about the need for regular security updates. With the increasing number of vulnerabilities being discovered, staying informed and using reliable tools has become more important than ever. Resources like https://vanced.com.co/revanced-sync-for-lemmy/ also show how open-source communities continue to create useful solutions for users who value privacy and better digital experiences. Impressive. Now let’s compaire: PC Mag, in 1995, reported that M$ was releasing Win95, ->in spite of over 64,000 known bugs and issues<-. Do we imagine that number's decreased? Microsoft advisory said, some Dell PC maybe cause loop reboots after July updates

How it works

Once you click Generate, Ollama reads this article and crafts 5 comprehension questions. Your answers are graded against the article content — general knowledge won't be enough. Score 70+ to count toward your certificate.

Questions are cached — you'll always get the same 5 for this article.