Microsoft Smashes Record For Biggest Ever Patch Tuesday Update (computerweekly.com)
- Reference: 0183724284
- News link: https://tech.slashdot.org/story/26/06/10/0337257/microsoft-smashes-record-for-biggest-ever-patch-tuesday-update
- Source link: https://www.computerweekly.com/news/366644117/Microsoft-smashes-record-for-biggest-ever-Patch-Tuesday-update
> Microsoft has [1]issued patches for about 200 flaws in its latest monthly Patch Tuesday drop, blasting past a previous record high of almost 170 common vulnerabilities and exposures (CVEs) set in October 2025. Among a great many others, the latest update from Redmond fixes a total of 32 critical CVEs and three zero-day flaws. Dustin Childs, head of threat awareness at TrendAI's Zero Day Initiative, said: "We are heading into a high-stakes summer for cyber security. June's record-shattering drop ... is a stark warning that AI is [2]supercharging flaw discovery at an uncontrollable scale. The current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018. It is extraordinary that Microsoft can produce so many patches in a single month, and I expect many testers are wondering what quality issues may exist."
>
> And with the addition of hundreds of CVEs in Google Chrome and Microsoft Edge (Chromium) and other third-party flaws taking the total to almost 600, Chris Goettl, vice president of security product management at Ivanti, said talk of a 'Patch Apocalypse' was no longer unwarranted. "We are in the Patch Apocalypse. The Patch Apocalypse is now," said Goettl. "This is not intended to be a scare tactic. It is meant to outline the challenge that many organizations were anticipating, but the new generation of LLMs [Large Language Models] has accelerated significantly in the first half of 2026."
>
> "There are going to be more CVEs resolved by vendors at a faster and more continuous pace than we have ever seen previously. Unfortunately, this will also include more zero-day and n-day exploits than previously seen as well. The window from release from a vendor to exploitation had already shortened to five days as of 2023 threat intelligence data." Goettl said that many suppliers have acknowledged the need to use AI tools in their security research to identify and resolve flaws, with Oracle, Google Chrome and Mozilla all upping the cadence of their updates. Whether or not Microsoft follows suit remains to be seen.
[1] https://www.computerweekly.com/news/366644117/Microsoft-smashes-record-for-biggest-ever-Patch-Tuesday-update
[2] https://www.microsoft.com/en-us/msrc/blog/2026/05/a-note-on-patch-tuesday
Are they using Mythos? (Score:3)
GitHub commits up x14 or something like that...AI is accelerating development and we'll only slow down if we have a consequent emergency.
...but more to the point AI is helping find and fix more bugs and security issues than ever before. This is a good thing.
Re: (Score:2)
Microsoft did not share the specific tools they are using (and no single tool is great at everything), but it seems likely Anthropic's Mythos was among the tools used at least by some of the teams for some of the code base. Microsoft already offers the Mythos model on their Azure platform to Project Glasswing member organizations.
Uncontrollable? (Score:2)
"AI is (...) at an uncontrollable scale."
Well, that's comforting.
...and it's busted some machines... (Score:2)
According to co-workers, the latest patch bundle has caused some problems. Patches are curated, but apparently some issues got through. I've put off updates until tonight. Tomorrow may not be very productive.
Re: ...and it's busted some machines... (Score:2)
No surprise. Count me among "and I expect many testers are wondering what quality issues may exist." No shit, Dick Tracy!
Yeah! Most incompetent ever! So much winning! (Score:2)
Seriously, why are they not trying to hide this in shame?
Re: (Score:2)
Penetration and vulnerability testing has accelerated massively, to the tune of hundreds if not thousands of times with modern AI.
The fact that they managed to keep up with this and publish a massive amount of patches is a sign of excellence.
And they want this testing to continue, so these are found before they're exploited to any significant degree.
Re: (Score:2)
Because they realized you'd then complain about how they kept it secret, and thus that there was no way of pleasing you?