惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
P
Privacy & Cybersecurity Law Blog
Cyberwarzone
Cyberwarzone
Scott Helme
Scott Helme
G
GRAHAM CLULEY
NISL@THU
NISL@THU
K
Kaspersky official blog
Security Latest
Security Latest
L
LINUX DO - 热门话题
C
CERT Recently Published Vulnerability Notes
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
Simon Willison's Weblog
Simon Willison's Weblog
A
Arctic Wolf
C
Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
T
Tor Project blog
T
Threat Research - Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
I
InfoQ
P
Privacy International News Feed
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
M
MIT News - Artificial intelligence
Latest news
Latest news
I
Intezer
MyScale Blog
MyScale Blog
Google DeepMind News
Google DeepMind News
罗磊的独立博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
The Last Watchdog
The Last Watchdog
Microsoft Security Blog
Microsoft Security Blog
美团技术团队
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
人人都是产品经理
人人都是产品经理
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
IT之家
IT之家
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
V
Vulnerabilities – Threatpost

Krebs on Security

Lessons Learned from CISA’s Recent GitHub Leak Felons, Fraudsters Flog Offensive Cybersecurity Startup FBI Seizes NetNut Proxy Platform, Popa Botnet Scattered Spider Hackers Plead Guilty on Day 1 of Trial ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm Who Runs the Ransomware Group ‘The Gentlemen?’ A Record-Breaking Patch Tuesday for June 2026 Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Lawmakers Demand Answers as CISA Tries to Contain Data Leak Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada CISA Admin Leaked AWS GovCloud Keys on Github Patch Tuesday, May 2026 Edition Canvas Breach Disrupts Schools & Colleges Nationwide Anti-DDoS Firm Heaped Attacks on Brazilian ISPs ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty Patch Tuesday, April 2026 Edition ‘CanisterWorm’ Springs Wiper Attack Targeting Iran Feds Disrupt IoT Botnets Behind Huge DDoS Attacks Microsoft Patch Tuesday, March 2026 Edition How AI Assistants are Moving the Security Goalposts ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA Kimwolf Botnet Swamps Anonymity Network I2P
Microsoft Patches a Record 570 Security Flaws
BrianKrebs · 2026-07-15 · via Krebs on Security

Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence.

A picture of a windows laptop in its updating stage, saying do not turn off the computer.

Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws that are already being exploited in the wild.

Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include CVE-2026-56155 — an Active Directory Federation Services bug — and CVE-2026-56164, a Microsoft Sharepoint vulnerability.

CVE-2026-50661 is a security feature bypass in Windows BitLocker that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation.

In a blog post on July 9, Microsoft Executive Vice President Pavan Davuluri wrote that Windows users will notice “a higher volume of security updates included in each security release” as a result of AI aiding in the discovery of vulnerabilities.

“The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Davuluri wrote.

Jack Bicer, director of vulnerability research at Action1, called attention to CVE-2026-48561, a remote code execution flaw in Microsoft Copilot (with a 9.6 CVSS threat score) that allows an unauthorized attacker to execute code over the network. Microsoft says an attacker could exploit this bug by hosting a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the site.

As AI advances the state of vulnerability discovery and remediation, it is also making it easier for attackers to quickly devise working exploits for known software flaws. Microsoft has long labeled security bugs using its “exploitability index,” which is Redmond’s best guess as to how likely it is that attackers will be able to figure out a reliable way to exploit a given vulnerability.

But Satnam Narang, senior staff research engineer at Tenable, argues that Microsoft’s exploitability index needs to do a better job of shifting with the machine speed of discovery. For example, Microsoft originally gave this month’s SharePoint zero-day an exploitability rating of “less likely,” although the flaw was added to CISA’s Known Exploited Vulnerabilities list on July 1.

“Anthropic’s Red Team’s own findings for known vulnerabilities (n-days) revealed how fragile this system has become, with its Mythos Preview model being able to produce proof-of-concept exploits for 13 of 14 vulnerabilities that were rated ‘Exploitation Less Likely’ or ‘Exploitation Unlikely,'” Narang said. “What this means is that our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools, and as these tools continue to improve, defense needs to improve alongside it.”

Chris Goettl at Ivanti observed that the record patch numbers from Microsoft come as a number of other major software makers are increasing their patch cadence, including Adobe which announced today it is moving to twice-monthly security bulletins published on the 2nd and 4th Tuesday of each month (Adobe also cited AI for accelerating their patch cycles). Cisco, Mozilla and Oracle also are shipping updates more frequently, while Google’s patch batches in June 2026 totaled more than 900 security fixes, Goettl noted.

Backing up your Windows system and/or data is always a good idea before applying operating system updates. Given the volume of patches addressed this month it may be wise for end users to wait a few days before applying these fixes. It’s not uncommon for security patches to introduce system stability issues, and those chances probably increase quite a bit with the gigantic patch count released today.

Further reading:

Action1’s Patch Tuesday blog

Automox’s rundown