Microsoft uses AI to patch record number of security vulnerabilities

Applications of AI


Microsoft this week released a record number of security patches for Windows, Office and other technology product lines, citing the use of AI to help find vulnerabilities in code.

The technology and cloud giant issued patches for 570 security flaws on Tuesday as part of its monthly scheduled fix releases. Security researchers have long referred to this as “Patch Tuesday.”

At least two vulnerabilities are classified as zero-day, meaning they were exploited before Microsoft was aware of them. One bug affecting Windows Server allows hackers to elevate privileges from limited users to system administrators. Another bug affects SharePoint file sharing servers. The U.S. government’s cybersecurity agency CISA has warned that hackers are actively exploiting the bug to compromise organizations.

Krebs on Security first reported the news.

This major patch update comes a week after Microsoft said in a blog post that it expects the number of regular monthly security patches to be much higher than before. The company cited its use of AI to help employees discover previously undiscovered security bugs in its software.

Pavan Davuluri, head of Windows, said, “AI helps defenders find more problems, which means customers receive more security updates with each security release.”

As AI models become more sophisticated and focused on cybersecurity issues, security researchers are using them to uncover vulnerabilities in software code that may have been dormant for years, or even longer. Some of Microsoft’s Windows code dates back decades.



Source link