7 comments

  • kingforaday14 minutes ago
    Full July 2026 Summary: <a href="https:&#x2F;&#x2F;www.bleepingcomputer.com&#x2F;microsoft-patch-tuesday-reports&#x2F;Microsoft-Patch-Tuesday-July-2026.html" rel="nofollow">https:&#x2F;&#x2F;www.bleepingcomputer.com&#x2F;microsoft-patch-tuesday-rep...</a>
  • charonn02 hours ago
    It seems like bug hunting might be the one area where AI is actually making the world a better place.
    • ashleyn2 hours ago
      How many were introduced by misuse of AI coding&#x2F;vibe coding though?
      • miffy9001 hour ago
        highly unlikely for many of them. SharePoint, bitlocker, Active directory, hyper-v, rdp, DHCP and MSMQ are all software&#x2F;technologies that have decades of history and long pre-dated LLMs. seriously, do people not realise it was entirely possible to write insecure or bad code before LLMs?
      • stackghost1 hour ago
        At Microslop? Evidently, lots.
      • DANmode2 hours ago
        How many were known, and put on the roadmap because war got hot?
        • iJohnDoe2 hours ago
          How many were put there for Israel, NSA, FBI?
  • lousken3 hours ago
    It would be nice if microsoft had windows update for .net, visual c++, office, windows, edge ... just all their software in one updater, but that would be too easy...
    • jayd1624 minutes ago
      It did work that way for .NET versions but the patches and upgrades caused too many bugs and incompatibility. Folks would install old .net versions anyway.<p>The pattern moved to packaging in all your dependencies.<p>Winget&#x2F;Microsoft Store etc could auto-update your apps even with packaged .NET DLLs, though.
    • netsharc2 hours ago
      Isn&#x27;t that... Windows Update? At least last time I looked it would update .net runtimes, Office, what else? OK, Visual Studio has its own update mechanism. Edge is part of the OS, isn&#x27;t it?
      • miffy90057 minutes ago
        it&#x27;s still an opt-in setting though. Windows and OS-components like drivers and Edge do get auto updated yes, but to enable Microsoft Update, you still need to turn on a setting in the Settings app. even setting up a new PC&#x2F;laptop with windows, this is off by default.
      • ihsw2 hours ago
        [dead]
    • nobodyandproud3 hours ago
      You mean…service packs?
      • anonymars21 minutes ago
        No, &quot;Microsoft Update&quot; is what it was once called (see e.g. <a href="https:&#x2F;&#x2F;learn.microsoft.com&#x2F;en-us&#x2F;windows&#x2F;deployment&#x2F;update&#x2F;update-other-microsoft-products" rel="nofollow">https:&#x2F;&#x2F;learn.microsoft.com&#x2F;en-us&#x2F;windows&#x2F;deployment&#x2F;update&#x2F;...</a>)
  • freitasm3 hours ago
    I wonder how many bugs will be introduced with these fixes...
    • ronsor3 hours ago
      No bugs, only intentional backdoors
  • naturalmovement3 hours ago
    Sounds like a lot but compare it to Edge also being patched for 428 Chromium CVEs this month.<p>If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn&#x27;t have believed it.<p>If Chromium has that many security bugs, perhaps the move fast and break things approach of spraying diarrhea masquerading as code into a keyboard — in a rush to add new features no one asked for — needs to be reexamined.
    • tokioyoyo3 hours ago
      20 years ago software wasn&#x27;t as much battle tested as today, had way less feature set, was less connected to the internet, and etc. 428 CVEs looks small, assuming not all have CVSS 9.8 or something.
      • lousken2 hours ago
        It was more tested as real testers were testing it. Nowadays, AI just checks the code.
        • pixl971 hour ago
          I guess we should find some of this old source code and test it for exploits to see what is true.
          • fragmede1 hour ago
            <a href="https:&#x2F;&#x2F;github.com&#x2F;microsoft&#x2F;ms-dos" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;microsoft&#x2F;ms-dos</a>
    • georgemcbay3 hours ago
      &gt; If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn&#x27;t have believed it.<p>For something as complex as an operating system or a web browser, even one from 20 years ago (say, Windows XP or IE&#x2F;Firefox) I wouldn&#x27;t have believed there were 428 vulnerabilities either, I would have assumed there were much more than that.
    • dylan6043 hours ago
      Even if it had the Microsoft logo attached? Windows was always known to not be the most secure of products. I can&#x27;t imagine anything else from the same company would be any better
  • gerdesj3 hours ago
    &quot;Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence.&quot;<p>If only real intelligence found the fucking things instead.<p>As ye sew, so shall ye reap!
  • d01003 hours ago
    An employee just got phished by adding a number to a legitimate deviceAdd login route that bypasses 2FA and adds a device with full access to office and mail<p>Probably working as intended...
    • xorl3 hours ago
      I always click NO to these, that&#x27;s full human error. edit: The underlying issue is that they send a 2FA before asking for a password at all.