comments (10)

  • Title is not correct. Microsoft didn't patch a lot of this, they're reporting patches for dependencies that other people patched and Microsoft are inheriting.

    For example, Mariner (now branded Azure Linux) is a Microsoft-supported Linux distribution. So in this list of 570 vulnerabilities, Microsoft have reported 100 vulnerabilities inherited from all sorts of open source software projects included in their Azure Linux distribution. The OpenSSH vulnerabilities are described in better detail at https://www.openssh.org/releasenotes.html where it implies 2 vulnerabilities were detected with Swival Security Scanner (using LLMs) and another 6 by other researchers/companies (using undisclosed methods).

    As an example of one of the OpenSSH vulnerabilites CVE-2026-59996 which is attributed to Swival Security Scanner, Swival have published the output of their automated vulnerability detection report at https://github.com/Swival/security-audits/blob/main/openssh/...

    dhx

  • If you want an easy way to view these I made https://wofa.dev to keep track of windows updates and security patches in a single place

    JSTucker

  • It seems like bug hunting might be the one area where AI is actually making the world a better place.

    charonn0

  • This is great. Now ask Mythos to make windows suck less and let it go crazy.

    fuckinpuppers

  • They should patch that Global Device ID thing

    :^)

    ReactiveJelly

  • kingforaday

  • How many are chained, and how many patches are defense-in-depth after discovering chained paths to that flaw?

    devin

  • I wonder how many bugs will be introduced with these fixes...

    freitasm

  • It would be nice if microsoft had windows update for .net, visual c++, office, windows, edge ... just all their software in one updater, but that would be too easy...

    lousken

  • Sounds like a lot but compare it to Edge also being patched for 428 Chromium CVEs this month.

    If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn't have believed it.

    If Chromium has that many security bugs, perhaps the move fast and break things approach of spraying diarrhea masquerading as code into a keyboard — in a rush to add new features no one asked for — needs to be reexamined.

    naturalmovement