Microsoft Patches a Record 570 Security Flaws

robin_reala 82 points 39 comments July 14, 2026
krebsonsecurity.com · View on Hacker News

Discussion Highlights (11 comments)

gerdesj

"Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence." If only real intelligence found the fucking things instead. As ye sew, so shall ye reap!

d0100

An employee just got phished by adding a number to a legitimate deviceAdd login route that bypasses 2FA and adds a device with full access to office and mail Probably working as intended...

freitasm

I wonder how many bugs will be introduced with these fixes...

naturalmovement

Sounds like a lot but compare it to Edge also being patched for 428 Chromium CVEs this month. If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn't have believed it. If Chromium has that many security bugs, perhaps the move fast and break things approach of spraying diarrhea masquerading as code into a keyboard — in a rush to add new features no one asked for — needs to be reexamined.

lousken

It would be nice if microsoft had windows update for .net, visual c++, office, windows, edge ... just all their software in one updater, but that would be too easy...

charonn0

It seems like bug hunting might be the one area where AI is actually making the world a better place.

kingforaday

Full July 2026 Summary: https://www.bleepingcomputer.com/microsoft-patch-tuesday-rep...

ReactiveJelly

They should patch that Global Device ID thing :^)

fuckinpuppers

This is great. Now ask Mythos to make windows suck less and let it go crazy.

devin

How many are chained, and how many patches are defense-in-depth after discovering chained paths to that flaw?

dhx

Title is not correct. Microsoft didn't patch a lot of this, they're reporting patches for dependencies that other people patched and Microsoft are inheriting. For example, Mariner (now branded Azure Linux) is a Microsoft-supported Linux distribution. So in this list of 570 vulnerabilities, Microsoft have reported 100 vulnerabilities inherited from all sorts of open source software projects included in their Azure Linux distribution. The OpenSSH vulnerabilities are described in better detail at https://www.openssh.org/releasenotes.html where it implies 2 vulnerabilities were detected with Swival Security Scanner (using LLMs) and another 6 by other researchers/companies (using undisclosed methods). As an example of one of the OpenSSH vulnerabilites CVE-2026-59996 which is attributed to Swival Security Scanner, Swival have published the output of their automated vulnerability detection report at https://github.com/Swival/security-audits/blob/main/openssh/...

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed