Microsoft announced the release of 570 security patches for Windows, Office, and other products on Tuesday, marking a record number of fixes in its monthly update cycle. The update, dubbed 'Patch Tuesday,' includes at least two zero-day vulnerabilities that were exploited before Microsoft became aware of them. One flaw in Windows Server allows hackers to escalate privileges from a limited user to a system administrator, while another affects SharePoint file sharing, with CISA warning of active exploitation by hackers. Source: techcrunch
The patch release follows Microsoft's earlier announcement that it expected a higher volume of monthly security updates due to its increased use of AI to uncover previously unknown vulnerabilities. According to the company, AI is helping security teams identify issues that may have been dormant in software code for years. Pavan Davuluri, Windows boss, stated, 'As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release.' Source: techcrunch
Microsoft's Windows codebase includes components dating back decades, making it a potential target for long-standing vulnerabilities. The use of AI in cybersecurity is now enabling researchers to find flaws that may have gone unnoticed for years, according to the source. Source: techcrunch