Microsoft released a record number of security patches for Windows, Office and other tech product lines this week, citing the use of AI to help discover code vulnerabilities.
The technology and cloud giant released patches for 570 security flaws on Tuesday as part of its monthly scheduled fix releases, which security researchers have long dubbed “Patch Tuesday.”
At least two vulnerabilities are classified as zero-days, meaning they were exploited before Microsoft was made aware of them. A bug affecting Windows Server allows hackers to elevate their privileges from a limited user to system administrator. Another bug affects SharePoint file sharing servers – US government cybersecurity agency CISA has warned that hackers are actively exploiting the bug to compromise organizations.
Krebs on Security first reported the news.
The big patch update comes a week after Microsoft said in a blog post that it expects its usual batch of monthly security patches to be much higher in numbers than before. The company cited the use of AI to help its employees uncover previously undiscovered security bugs in its software.
Windows boss Pavan Davuluri said, “As AI helps defenders discover more issues, customers will see a greater volume of security updates included in each security release.”
As AI models become more advanced and focus on cybersecurity issues, security researchers are using them to uncover vulnerabilities that may lie dormant in software code for years, if not longer. Parts of Microsoft’s Windows code are decades old.