Microsoft has released software updates to plug at least 570 security holes

krebsonsecurity.com

204 points by robin_reala 2 days ago


lionkor - 2 days ago

If I find a bug in very important MS products, I usually do report them using their shitty feedback app. Not once has any of that yielded anything.

Maybe a way to find tons of high impact bugs would be to let MS developers access those bug reports?

charonn0 - 2 days ago

It seems like bug hunting might be the one area where AI is actually making the world a better place.

ReactiveJelly - 2 days ago

They should patch that Global Device ID thing

:^)

fuckinpuppers - 2 days ago

This is great. Now ask Mythos to make windows suck less and let it go crazy.

JSTucker - 2 days ago

If you want an easy way to view these I made https://wofa.dev to keep track of windows updates and security patches in a single place

kingforaday - 2 days ago

Full July 2026 Summary: https://www.bleepingcomputer.com/microsoft-patch-tuesday-rep...

1vuio0pswjnm7 - a day ago

The attack surface of Windows is infinite

As one door closes, another opens

"Features"

"Fixes"

Job security

Security holes

The threat model is Microsoft

ozim - 2 days ago

Gets me wondering if it is real or they just got a backlog quick fixes dropped so it looks like AI bug hunting really works to prop up their AI bullshit narrative.

freitasm - 2 days ago

I wonder how many bugs will be introduced with these fixes...

devin - 2 days ago

How many are chained, and how many patches are defense-in-depth after discovering chained paths to that flaw?

naturalmovement - 2 days ago

Sounds like a lot but compare it to Edge also being patched for 428 Chromium CVEs this month.

If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn't have believed it.

If Chromium has that many security bugs, perhaps the move fast and break things approach of spraying diarrhea masquerading as code into a keyboard — in a rush to add new features no one asked for — needs to be reexamined.

lousken - 2 days ago

It would be nice if microsoft had windows update for .net, visual c++, office, windows, edge ... just all their software in one updater, but that would be too easy...

dhx - 2 days ago

Title is not correct. Microsoft didn't patch a lot of this, they're reporting patches for dependencies that other people patched and Microsoft are inheriting.

For example, Mariner (now branded Azure Linux) is a Microsoft-supported Linux distribution. So in this list of 570 vulnerabilities, Microsoft have reported 100 vulnerabilities inherited from all sorts of open source software projects included in their Azure Linux distribution. The OpenSSH vulnerabilities are described in better detail at https://www.openssh.org/releasenotes.html where it implies 2 vulnerabilities were detected with Swival Security Scanner (using LLMs) and another 6 by other researchers/companies (using undisclosed methods).

As an example of one of the OpenSSH vulnerabilites CVE-2026-59996 which is attributed to Swival Security Scanner, Swival have published the output of their automated vulnerability detection report at https://github.com/Swival/security-audits/blob/main/openssh/...

shevy-java - 2 days ago

It is time to abandon Microsoft.

gerdesj - 2 days ago

"Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence."

If only real intelligence found the fucking things instead.

As ye sew, so shall ye reap!

d0100 - 2 days ago

An employee just got phished by adding a number to a legitimate deviceAdd login route that bypasses 2FA and adds a device with full access to office and mail

Probably working as intended...