Microsoft Patches Record 570 Flaws, Two Already Exploited

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Microsoft issued patches for 570 security flaws on Tuesday in its monthly "Patch Tuesday" release, the largest batch on record
- At least two of the vulnerabilities are zero-days already being exploited before Microsoft was aware of them
- One zero-day in Windows Server allows attackers to escalate privileges from a limited user to a system administrator
- Another zero-day in SharePoint prompted CISA to warn that hackers were actively exploiting the bug to compromise organizations
- Microsoft attributed the surge to AI helping employees uncover previously hidden security bugs in its software
- Pavan Davuluri, Microsoft's Windows boss, said customers will see higher patch volumes as AI helps defenders surface more issues
- Parts of Microsoft's Windows codebase date back decades, meaning long-dormant vulnerabilities are now surfacing as AI scours legacy code
Why it matters: With two zero-days already weaponized in the wild and CISA flagging active exploitation of the SharePoint bug, IT and security teams face immediate patching pressure across Windows Server and SharePoint deployments. Microsoft's framing of AI as the driver signals this elevated patch cadence — 570 flaws in a single month — is structural, not a one-time spike, meaning defenders must budget for sustained heavier update loads.




