Microsoft has released software updates to plug at least 570 security holes(krebsonsecurity.com)
202 points by robin_reala 1 day ago | 118 comments
tl;dr: Microsoft patched 570 vulnerabilities this Patch Tuesday—nearly triple last month's record—including 60 critical bugs and three zero-days, two of which are being actively exploited. Microsoft attributes the surge to AI-assisted vulnerability discovery, a trend echoed by Adobe, Cisco, Mozilla, Oracle, and Google ramping up their own patch cadences. Researchers warn that Microsoft's human-centric "exploitability index" is falling behind, as AI tools like Anthropic's red team model have produced working exploits for 13 of 14 flaws rated "less likely" to be exploited.
HN Discussion:
  • AI-assisted bug hunting is a genuinely positive use of the technology
  • Skepticism that the AI narrative is real; may be backlog fixes rebranded as AI discoveries
  • ~Windows has an inherently massive attack surface making patches a never-ending cycle
  • Microsoft's bug reporting process is broken and ignores external researchers
  • Concerns about patch quality and whether fixes introduce new vulnerabilities or address chained exploits