Microsoft Smashes Record For Biggest Ever Patch Tuesday Update (computerweekly.com)
An anonymous reader quotes a report from ComputerWeekly: Microsoft has issued patches for about 200 flaws in its latest monthly Patch Tuesday drop, blasting past a previous record high of almost 170 common vulnerabilities and exposures (CVEs) set in October 2025. Among a great many others, the latest update from Redmond fixes a total of 32 critical CVEs and three zero-day flaws. Dustin Childs, head of threat awareness at TrendAI's Zero Day Initiative, said: "We are heading into a high-stakes summer for cyber security. June's record-shattering drop ... is a stark warning that AI is supercharging flaw discovery at an uncontrollable scale. The current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018. It is extraordinary that Microsoft can produce so many patches in a single month, and I expect many testers are wondering what quality issues may exist."
And with the addition of hundreds of CVEs in Google Chrome and Microsoft Edge (Chromium) and other third-party flaws taking the total to almost 600, Chris Goettl, vice president of security product management at Ivanti, said talk of a 'Patch Apocalypse' was no longer unwarranted. "We are in the Patch Apocalypse. The Patch Apocalypse is now," said Goettl. "This is not intended to be a scare tactic. It is meant to outline the challenge that many organizations were anticipating, but the new generation of LLMs [Large Language Models] has accelerated significantly in the first half of 2026."
"There are going to be more CVEs resolved by vendors at a faster and more continuous pace than we have ever seen previously. Unfortunately, this will also include more zero-day and n-day exploits than previously seen as well. The window from release from a vendor to exploitation had already shortened to five days as of 2023 threat intelligence data." Goettl said that many suppliers have acknowledged the need to use AI tools in their security research to identify and resolve flaws, with Oracle, Google Chrome and Mozilla all upping the cadence of their updates. Whether or not Microsoft follows suit remains to be seen.
Re:Yeah! Most incompetent ever! So much winning! (Score:4, Insightful)
Penetration and vulnerability testing has accelerated massively, to the tune of hundreds if not thousands of times with modern AI.
The fact that they managed to keep up with this and publish a massive amount of patches is a sign of excellence.
And they want this testing to continue, so these are found before they're exploited to any significant degree.
Re: (Score:3, Informative)
It's ok to hate Microsoft. But I still remember the time when just forgetting to unplug ethernet cable from your PC while installing XP led to it starting to spew ads at you within 30 seconds of hitting desktop after installation being finished.
Today, you could install a barebones basic bitch win 10 home/pro 1607, and hit it with common script kiddie kit exploits and it will be just fine out of the box.
https://www.youtube.com/watch?... [youtube.com]
Part of that is MS working together with router manufacturers, and part o
Re: (Score:1)
Bitch about MS all you want, they took security problems very seriously after XP and fixed almost all of it.
Is that why we were discussing one of their allegedly patched vulns still not being patched years later... like two weeks ago? They take stock prices seriously, security not so much.
Re: (Score:1)
They can't even get the parts people can see right - performance, UI. Something arcane and obscured like security? What's the impetus for them to care about that?
Re: (Score:1)
Microsoft 365 (no longer "Office") has its own layer of special UI crap above and beyond the base Windows experience. It gets real fun if you have multiple Excel windows minimized and one of them wants to open a dialog box... ALL of your Excel windows will expand, typically the one asking for something is at the very bottom, and then you have to minimize the 3 or 4 Excel windows that just unnecessarily maximized, to find the one that opened a dialog box.
Re: (Score:1)
Also just a general lag and race conditions in the Explorer UI. Frequently I find myself left-clicking a file, hitting Ctrl+C, going to another window to Ctrl+V - just like I have in every OS for 30 years. The problem is W11 doesn't register the file selection immediately on click. There's occasionally a small delay, probably under 200ms. But it sets up a race condition. It has resulted in me accidentally copying entire disks, due to the new file selection not registering immediately, and the previous sel
Re: (Score:1)
My favorite thing is how when I open an office document when I've got one already open in that program, the other window MAY (or may not) un-maximize and rise to the top before the new window appears. That doesn't fuck up my workflow or anything... wait, yes it does, it fucks it right in the ass.
I also especially like how Outlook appointment notifications usually don't come to the top even when you're not typing, they just show up under other Office windows, and cause the taskbar icon to flash. They occasio
Re: (Score:1)
Yep. They still have not caught up to what was the state-of-the-art 30 years ago. And they probably never will because they cannot. They do not understand the technology well enough and are sitting on a sky-high mountain of technological debt.
hahhahahahah (Score:2)
Someone came along to mod me down for complaining about literally the worst software company in all history. Rent free!
Re: (Score:2)
We can always depend on you to deliver the most stupid, deranged and disconnected comments. Nice to see at least some things do not change.
Re: (Score:2)
Now let's hope they didn't use AI to code the "fixes" that just introduce more flaws.
Re: (Score:2)
Microsoft is perfectly capable of introducing more flaws without the help of AI
Re:Yeah! Most incompetent ever! So much winning! (Score:4, Insightful)
Re: (Score:2)
Because hiding flaws is how flaws get exploited.
We should be congratulating them in fixing this shit, and expecting them to continue the pace of fixing all the other shit in their products.
Missed opportunity Chris Goettl (Score:2)
Maybe a surge due to recent AI analysis (Score:2)
Re: (Score:2)
Re: (Score:2)
Seriously, why are not trying to hide this in shame?
Quoted against censorship mods.
But I have to go for the obvious joke since there is currently no Funny in the 'discussion'.
But Microsoft finally patched the last bugs and now we have nothing to worry about!
Then go for unfunny with a book citation. It's an oldie but interesting background on how Microsoft wound up here. Microsoft Secrets by Cusumano and Selby covers a lot of the history and processes of Microsoft's software development processes up to 1995.
Re: (Score:2)
You see this as a bad thing? This is a hell of an achievement and it's really impressive. And so you know, a lot of the CVEs were code fixes not just to Windows but to open source projects which Linux depends heavily on, such as web browser engines. So, if you want to go down this path, I think you should also say "shouldn't the entire non-Microsoft infrastructure be embarrassed that Microsoft has to clean up their mess?"
Consider this, if all of this is being found and fixed
Are they using Mythos? (Score:4, Interesting)
...but more to the point AI is helping find and fix more bugs and security issues than ever before. This is a good thing.
Re: (Score:3)
Re: (Score:2)
These are the bugs that got reported... how many did a group of black hats or whoever keep from being reported for their own use?
You can keep finding bugs and fixing them, and eventually you end up with an OS that's walled itself off from everything.
Uncontrollable? (Score:2)
"AI is (...) at an uncontrollable scale."
Well, that's comforting.
Re: (Score:3)
Oh it's controllable. I'll bet there are big levers on electrical panels somewhere in the data center to open the main input circuits.
Barring that, there are plenty of manual ways of cutting electrical cables - anything from bolt cutters to backhoes.
Re: (Score:2)
That's what you think !
https://www.youtube.com/watch?v=NPNq_7AbGPk&t=110s
...and it's busted some machines... (Score:2)
According to co-workers, the latest patch bundle has caused some problems. Patches are curated, but apparently some issues got through. I've put off updates until tonight. Tomorrow may not be very productive.
Re: ...and it's busted some machines... (Score:1)
Re: (Score:2)
Meanwhile, I'll continue blasting along using macOS and Debian.
Re: (Score:2)
For me it's MacOS and Mint, but I have a Winders machine assigned to me on which I am forced to do development for a job.
In fairness, MacOS updates have caused problems. Although, not anywhere nearly as frequently.
Re: (Score:2)
Re: (Score:2)
According to co-workers, the latest patch bundle has caused some problems.
It is not uncommon that the patch Tuesday updates results in some problems in some environments and on some machines, even those size of those updates seem smaller.
Is the thinking ... (Score:1)
That there will be a massive amount of patches for a few months to clean up old software. Then patch tuesdays get real small as everything previously deployed has been patched. At the same time new software gets fixed before shipping using the same Mythos type AIs?
Maybe newer, better versions of Mythos finds more problems in the old stuff.
The real trouble is older stuff in production that's no longer supported, i.e. Windows versions older than 10.
And will purposeful backdoors get closed. Is Mythos programmed t
not getting better (Score:2)
Kinda sad that all this patching does not clearly make the situation any better, there will still be more patching.
What he really should have said (Score:3)
It is deeply embarrassing that Microsoft needs to produce so many patches in a single month.
But consistent with past behavior (it's not a bug, it's a feature!), Microsoft is again twisting the truth.
Re: (Score:1)
Would you rather they leave shit unpatched? Or are you a time traveler who can go prevent them from releasing software that is already released?
Not sure what your point is, other than just piling on. It's really hard to get the creamer out of the coffee once it's in there.
Re: (Score:2)
Re: (Score:2)
But consistent with past behavior (it's not a bug, it's a feature!), Microsoft is again twisting the truth.
To be fair, it works. We even get complete nil wits here that cheer for them, even when their sheer incapability is on display like never.
Re: (Score:2)
We have seen a fair few critical bugs in Linux lately, and doubtless there are many we don't know about but which people using Mythos and the like have already found. You can bet that the NSA has a long list, for example.
single patch (Score:3)
I was able to implement a single patch that removed all those vulnerabilities. I patched my computer to run Linux.
Re:single patch (Score:4, Informative)
Well, and FWIW, there has been a huge increase in the number of "security fixes" Debian has been downloading recently. I assume the same is true of other Linux distros and probably for Apple, though I don't think those are made public. Perhaps the BSDs haven't seen a large uptick.
Re: (Score:2)
Re: (Score:2)
Comparatively, BSD is faring better than Linux and s
That figures (Score:2)
PSA (Score:2)
If you haven't already, figure out how you'll expedite your patching cycle. AI tools capable of exploit detection are also going to allow bad actors to reverse engineer patches and work out what the vulnerability was in the first place (and, presumably, use AI to then write the code to exploit it).
"Eh, we'll patch it within 30 days before the details of the CVE are released" is probably no longer good enough,
Makes you realize how BAD Windows is !!!!! (Score:2)
Re: (Score:2)
With the mess their code-base is, I consider it quite possible that they can now only increase the number of problems. Maybe LLMs will be what finally puts Microsoft on the trash-heap of tech history. Obviously, LLMs only find a small fraction of the vulnerabilities in code, but they may find enough in MS code to just keep going and going.