13.8 C
Canberra
Thursday, July 16, 2026

Microsoft Patches a File 570 Safety Flaws – Krebs on Safety


Microsoft Corp. immediately launched software program updates to plug not less than 570 safety holes in its Home windows working programs and different software program, virtually triple the variety of vulnerabilities the software program large fastened in its record-smashing Patch Tuesday launch final month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by synthetic intelligence.

Microsoft Patches a File 570 Safety Flaws – Krebs on Safety

Practically 60 of the bugs quashed in July’s Patch Tuesday earned a “crucial” severity score, which means miscreants or malware may use them to grab distant management over a Home windows gadget with little or no assist from the consumer. Microsoft additionally addressed three zero-day flaws, together with two which are already being exploited within the wild.

Two of the zero-day weaknesses permit an attacker to raise their consumer rights on a Home windows system, as do roughly 250 different elevation of privilege flaws fastened this month; they embody CVE-2026-56155 — an Lively Listing Federation Companies bug — and CVE-2026-56164, a Microsoft Sharepoint vulnerability.

CVE-2026-50661 is a safety characteristic bypass in Home windows BitLocker that might permit attackers to achieve entry to encrypted knowledge if they’ve bodily entry to the gadget. Microsoft mentioned this bug has been detailed publicly, however that it isn’t conscious of any lively exploitation.

In a weblog submit on July 9, Microsoft Government Vice President Pavan Davuluri wrote that Home windows customers will discover “a better quantity of safety updates included in every safety launch” on account of AI aiding within the discovery of vulnerabilities.

“The tempo of vulnerability discovery is altering with advances in AI making it attainable to search out extra points, sooner, throughout extra code, with new mechanisms that may speed up each discovery and evaluation,” Davuluri wrote.

Jack Bicer, director of vulnerability analysis at Action1, known as consideration to CVE-2026-48561, a distant code execution flaw in Microsoft Copilot (with a 9.6 CVSS risk rating) that permits an unauthorized attacker to execute code over the community. Microsoft says an attacker may exploit this bug by internet hosting a malicious web site that causes Microsoft Edge for Android to routinely ship crafted prompts to Copilot when a consumer visits the positioning.

As AI advances the state of vulnerability discovery and remediation, additionally it is making it simpler for attackers to rapidly devise working exploits for identified software program flaws. Microsoft has lengthy labeled safety bugs utilizing its “exploitability index,” which is Redmond’s greatest guess as to how seemingly it’s that attackers will be capable of determine a dependable option to exploit a given vulnerability.

However Satnam Narang, senior employees analysis engineer at Tenable, argues that Microsoft’s exploitability index must do a greater job of shifting with the machine velocity of discovery. For instance, Microsoft initially gave this month’s SharePoint zero-day an exploitability score of “much less seemingly,” though the flaw was added to CISA’s Identified Exploited Vulnerabilities checklist on July 1.

“Anthropic’s Pink Crew’s personal findings for identified vulnerabilities (n-days) revealed how fragile this technique has develop into, with its Mythos Preview mannequin with the ability to produce proof-of-concept exploits for 13 of 14 vulnerabilities that have been rated ‘Exploitation Much less Probably’ or ‘Exploitation Unlikely,’” Narang mentioned. “What this implies is that our means of taking a look at Patch Tuesday has modified, as a result of the exploitability index is centered round people, not AI instruments, and as these instruments proceed to enhance, protection wants to enhance alongside it.”

Chris Goettl at Ivanti noticed that the report patch numbers from Microsoft come as numerous different main software program makers are rising their patch cadence, together with Adobe which introduced immediately it’s shifting to twice-monthly safety bulletins printed on the 2nd and 4th Tuesday of every month (Adobe additionally cited AI for accelerating their patch cycles). Cisco, Mozilla and Oracle are also transport updates extra often, whereas Google’s patch batches in June 2026 totaled greater than 900 safety fixes, Goettl famous.

Backing up your Home windows system and/or knowledge is all the time a good suggestion earlier than making use of working system updates. Given the quantity of patches addressed this month it could be clever for finish customers to attend just a few days earlier than making use of these fixes. It’s not unusual for safety patches to introduce system stability points, and people possibilities most likely improve fairly a bit with the big patch rely launched immediately.

Additional studying:

Action1’s Patch Tuesday weblog

Automox’s rundown

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

[td_block_social_counter facebook="tagdiv" twitter="tagdivofficial" youtube="tagdiv" style="style8 td-social-boxed td-social-font-icons" tdc_css="eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjM4IiwiZGlzcGxheSI6IiJ9LCJwb3J0cmFpdCI6eyJtYXJnaW4tYm90dG9tIjoiMzAiLCJkaXNwbGF5IjoiIn0sInBvcnRyYWl0X21heF93aWR0aCI6MTAxOCwicG9ydHJhaXRfbWluX3dpZHRoIjo3Njh9" custom_title="Stay Connected" block_template_id="td_block_template_8" f_header_font_family="712" f_header_font_transform="uppercase" f_header_font_weight="500" f_header_font_size="17" border_color="#dd3333"]
- Advertisement -spot_img

Latest Articles