{"id":16816,"date":"2026-07-17T14:23:22","date_gmt":"2026-07-17T14:23:22","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=16816"},"modified":"2026-07-17T14:23:22","modified_gmt":"2026-07-17T14:23:22","slug":"microsoft-patches-a-file-570-safety-flaws-krebs-on-safety","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=16816","title":{"rendered":"Microsoft Patches a File 570 Safety Flaws \u2013 Krebs on Safety"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><strong>Microsoft Corp.<\/strong> as we speak launched software program updates to plug not less than 570 safety holes in its <strong>Home windows<\/strong> working techniques and different software program, virtually triple the variety of vulnerabilities the software program large fastened in its record-smashing Patch Tuesday launch final month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by synthetic intelligence.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-56287 aligncenter\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png\" alt=\"A picture of a windows laptop in its updating stage, saying do not turn off the computer.\" width=\"749\" height=\"527\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png 841w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate-768x541.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate-782x550.png 782w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate-100x70.png 100w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\"\/><\/p>\n<p>Almost 60 of the bugs quashed in July\u2019s Patch Tuesday earned a \u201cimportant\u201d severity score, which means miscreants or malware might use them to grab distant management over a Home windows gadget with little or no assist from the person. Microsoft additionally addressed three zero-day flaws, together with two which might be already being exploited within the wild.<\/p>\n<p>Two of the zero-day weaknesses permit an attacker to raise their person rights on a Home windows system, as do roughly 250 different elevation of privilege flaws fastened this month; they embrace <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-56155\" target=\"_blank\" rel=\"noopener\">CVE-2026-56155<\/a> \u2014 an <strong>Lively Listing Federation Providers<\/strong> bug \u2014 and <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-56164\" target=\"_blank\" rel=\"noopener\">CVE-2026-56164<\/a>, a <strong>Microsoft Sharepoint<\/strong> vulnerability.<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-50661\" target=\"_blank\" rel=\"noopener\">CVE-2026-50661<\/a> is a safety characteristic bypass in <strong>Home windows BitLocker<\/strong> that would permit attackers to realize entry to encrypted knowledge if they&#8217;ve bodily entry to the gadget. Microsoft stated this bug has been detailed publicly, however that it isn&#8217;t conscious of any lively exploitation.<\/p>\n<p>In a weblog put up on July 9, Microsoft Govt Vice President <strong>Pavan Davuluri<\/strong> wrote that Home windows customers will discover \u201cthe next quantity of safety updates included in every safety launch\u201d on account of AI aiding within the discovery of vulnerabilities.<\/p>\n<p>\u201cThe tempo of vulnerability discovery is altering with advances in AI making it potential to search out extra points, quicker, throughout extra code, with new mechanisms that may speed up each discovery and evaluation,\u201d Davuluri <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/blogs.windows.com\/windowsexperience\/2026\/07\/09\/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery\/\" target=\"_blank\" rel=\"noopener\">wrote<\/a>.<span id=\"more-73991\"\/><\/p>\n<p><strong>Jack Bicer<\/strong>, director of vulnerability analysis at <strong>Action1<\/strong>, referred to as consideration to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-48561\" target=\"_blank\" rel=\"noopener\">CVE-2026-48561<\/a>, a distant code execution flaw in Microsoft Copilot (with a 9.6 CVSS risk rating) that permits an unauthorized attacker to execute code over the community. Microsoft says an attacker might exploit this bug by internet hosting a malicious web site that causes Microsoft Edge for Android to robotically ship crafted prompts to Copilot when a person visits the location.<\/p>\n<p>As AI advances the state of vulnerability discovery and remediation, additionally it is making it simpler for attackers to shortly devise working exploits for recognized software program flaws. Microsoft has lengthy labeled safety bugs utilizing its \u201cexploitability index,\u201d which is Redmond\u2019s greatest guess as to how possible it&#8217;s that attackers will have the ability to work out a dependable technique to exploit a given vulnerability.<\/p>\n<p>However <strong>Satnam Narang<\/strong>, senior employees analysis engineer at <strong>Tenable<\/strong>, argues that Microsoft\u2019s exploitability index must do a greater job of shifting with the machine pace of discovery. For instance, Microsoft initially gave this month\u2019s SharePoint zero-day an exploitability score of \u201cmuch less possible,\u201d though the flaw was <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/07\/01\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\" rel=\"noopener\">added<\/a> to CISA\u2019s Recognized Exploited Vulnerabilities record on July 1.<\/p>\n<p>\u201cAnthropic\u2019s Purple Group\u2019s personal findings for recognized vulnerabilities (n-days) revealed how fragile this technique has grow to be, with its Mythos Preview mannequin with the ability to produce proof-of-concept exploits for 13 of 14 vulnerabilities that have been rated \u2018Exploitation Much less Probably\u2019 or \u2018Exploitation Unlikely,&#8217;\u201d Narang stated. \u201cWhat this implies is that our manner of taking a look at Patch Tuesday has modified, as a result of the exploitability index is centered round people, not AI instruments, and as these instruments proceed to enhance, protection wants to enhance alongside it.\u201d<\/p>\n<p><strong>Chris Goettl<\/strong> at <strong>Ivanti<\/strong> noticed that the report patch numbers from Microsoft come as plenty of different main software program makers are growing their patch cadence, together with Adobe which introduced as we speak it&#8217;s transferring to twice-monthly safety bulletins printed on the 2nd and 4th Tuesday of every month (Adobe additionally cited AI for accelerating their patch cycles). <strong>Cisco<\/strong>, <strong>Mozilla<\/strong> and <strong>Oracle<\/strong> are also delivery updates extra often, whereas Google\u2019s patch batches in June 2026 totaled greater than 900 safety fixes, Goettl famous.<\/p>\n<p>Backing up your Home windows system and\/or knowledge is at all times a good suggestion earlier than making use of working system updates. Given the quantity of patches addressed this month it could be sensible for finish customers to attend a couple of days earlier than making use of these fixes. It\u2019s not unusual for safety patches to introduce system stability points, and people possibilities in all probability improve fairly a bit with the big patch rely launched as we speak.<\/p>\n<p>Additional studying:<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.action1.com\/patch-tuesday\/patch-tuesday-july-2026\/?vyi\" target=\"_blank\" rel=\"noopener\">Action1\u2019s Patch Tuesday weblog<\/a><\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/listen.automox.com\/episodes\/patch-fix-tuesday-july-2026-e34\" target=\"_blank\" rel=\"noopener\">Automox\u2019s rundown<\/a><\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Corp. as we speak launched software program updates to plug not less than 570 safety holes in its Home windows working techniques and different software program, virtually triple the variety of vulnerabilities the software program large fastened in its record-smashing Patch Tuesday launch final month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16818,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[1812,262,618,6544,1966,211],"class_list":["post-16816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-flaws","tag-krebs","tag-microsoft","tag-patches","tag-record","tag-security"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16816"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16816\/revisions"}],"predecessor-version":[{"id":16817,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16816\/revisions\/16817"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/16818"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-07-17 21:09:50 UTC -->