HomeEverythingEducationTV
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Microsoft AI Aids Discovery of Record Security Vulnerabilities

Created at 15 Jul · 4:30 PM1 source↑ Market-relevant
IN SHORT

Microsoft issued a record 570 security patches for its products, attributing the surge to AI tools that help uncover vulnerabilities. At least two zero-day exploits were among the fixes, with one impacting Windows Server and another SharePoint.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

570security flaws patched by Microsoft
twozero-day vulnerabilities patched

Who's Involved

Microsoft
issued record number of security patches
Pavan Davuluri
Windows boss at Microsoft
CISA
U.S. government's cybersecurity agency
Microsoft AI Aids Discovery of Record Security Vulnerabilities

↳ Why This Matters

The increasing sophistication of AI in uncovering software vulnerabilities, while beneficial for security, leads to a higher volume of critical patches, potentially straining IT resources and increasing the risk of exploitation if not applied promptly.

Key facts

  • Microsoft issued 570 security patches for Windows, Office, and other products.
  • The company stated that AI tools were used to discover these vulnerabilities.
  • At least two of the patched vulnerabilities were zero-days.
  • A Windows Server vulnerability allowed hackers to escalate privileges.
  • A SharePoint vulnerability was actively exploited by hackers.

Microsoft released a record 570 security patches for its products, including Windows and Office, this week. The company attributed the significant increase in vulnerabilities discovered to its use of artificial intelligence tools. These AI models are helping employees uncover previously unknown security bugs in software, some of which dates back decades.

Among the patches were at least two zero-day vulnerabilities, meaning they were exploited before Microsoft became aware of them. One critical bug affecting Windows Server allows attackers to gain system administrator privileges from a limited user account. Another vulnerability targets the SharePoint file sharing server, prompting a warning from the U.S. government's cybersecurity agency, CISA, about active exploitation by hackers to compromise organizations.

Pavan Davuluri, head of Windows, stated that as AI becomes more advanced in cybersecurity, customers can expect a higher volume of security updates in each release.

Frequently asked questions

A zero-day vulnerability is a security flaw that is unknown to the software vendor and has not yet been patched, making it a target for immediate exploitation by hackers.

Microsoft is using AI to help its employees discover more security bugs in its software, especially in older codebases, leading to a higher volume of patches.

Patch Tuesday is the common name for Microsoft's monthly scheduled release of security fixes and updates for its software products.

What Happens Next

01Customers are advised to apply the latest security patches promptly.
02Microsoft is expected to continue leveraging AI for vulnerability discovery.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

Microsoft released 570 security patches for its products.
The company cited AI as a key factor in discovering vulnerabilities.
At least two zero-day vulnerabilities were included in the patch release.
One zero-day affects Windows Server, allowing privilege escalation.
Another zero-day impacts SharePoint, with active exploitation noted by CISA.

Sources

T1
Microsoft patches record number of security vulnerabilities, citing its use of AITechCrunch

Related Stories

Microsoft AI chief: 'AI sovereignty' means local values, not isolation
15 Jul · 5:11 AM
Microsoft Secure Boot bypassed for 13 years due to unrevoked shims
14 Jul · 10:31 PM
Boko Haram exploited AI chatbots for attacks, Cambridge study finds
14 Jul · 9:46 PM
Apple Intelligence AI service registered with China's cyberspace regulator
15 Jul · 9:16 AM
Coinbase AI adoption: Over 95% of code now written with LLMs
15 Jul · 12:16 AM