HeadlinesBriefing favicon HeadlinesBriefing.com

Microsoft Patches Record 570 Flaws as AI Accelerates Discovery

Hacker News •
×

Microsoft released updates for 570 security flaws, nearly triple last month's record, with 60 rated critical. Three zero-days are actively exploited, including two elevation-of-privilege bugs (CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint) and a BitLocker security feature bypass (CVE-2026-50661).

Microsoft EVP Pavan Davuluri attributed the surge to AI-aided vulnerability discovery, stating advances allow finding more issues faster across more code. Jack Bicer of Action1 highlighted CVE-2026-48561, a 9.6 CVSS remote code execution flaw in Microsoft Copilot exploitable via malicious websites targeting Edge for Android.

Satnam Narang of Tenable argued Microsoft's exploitability index is outdated for AI-era exploit development, noting Anthropic's model produced proof-of-concept exploits for 13 of 14 vulnerabilities rated "Exploitation Less Likely." Chris Goettl at Ivanti observed Adobe, Cisco, Mozilla, Oracle, and Google also accelerating patch cadences, with Google's June batch exceeding 900 fixes.

Given the volume, users should back up systems and consider waiting a few days before applying updates to avoid potential stability issues.