Microsoft Ships Record 570 Patches as AI Reshapes Bug Discovery — and Exploitation
Original source
Microsoft has released software updates to plug at least 570 security holes
Hacker News →Microsoft’s July Patch Tuesday fixed at least 570 vulnerabilities — nearly triple last month’s already record-setting count — with the company crediting AI-assisted tooling for surfacing far more flaws across its codebase. Roughly 60 were rated critical, and three were zero-days, two of them already under active exploitation. The bulk of the batch (around 250 fixes) addressed elevation-of-privilege bugs, including exploited flaws in Active Directory Federation Services and SharePoint, plus a publicly disclosed BitLocker security-feature bypass requiring physical access. A standout was CVE-2026-48561, a 9.6-CVSS remote code execution bug in Copilot that could be triggered when Edge for Android auto-sends attacker-crafted prompts from a malicious website.
The more consequential story is that AI is compressing the gap between disclosure and working exploits, straining Microsoft’s human-centric “exploitability index.” Tenable’s Satnam Narang pointed to the SharePoint zero-day, which Microsoft initially rated “less likely” to be exploited even as CISA added it to its Known Exploited Vulnerabilities list. He cited Anthropic red-team findings in which a preview model produced proof-of-concept exploits for 13 of 14 bugs rated unlikely or less likely to be exploited — evidence that severity forecasting built around human effort no longer holds when machines do the analysis.
The surge isn’t unique to Microsoft. Adobe is moving to twice-monthly bulletins, Cisco, Mozilla, and Oracle are patching more often, and Google’s June updates topped 900 fixes — vendors broadly citing AI-accelerated discovery. Given the sheer volume and the elevated odds of stability regressions, admins and users are advised to back up first and consider holding off a few days before deploying.
Read the full article
Continue reading at Hacker News →This is an AI-generated summary. Read the original for the full story.