Microsoft Patches a Record 570 Security Flaws
19 points
3 hours ago
| 6 comments
| krebsonsecurity.com
| HN
charonn0
23 minutes ago
[-]
It seems like bug hunting might be the one area where AI is actually making the world a better place.
reply
lousken
34 minutes ago
[-]
It would be nice if microsoft had windows update for .net, visual c++, office, windows, edge ... just all their software in one updater, but that would be too easy...
reply
netsharc
26 minutes ago
[-]
Isn't that... Windows Update? At least last time I looked it would update .net runtimes, Office, what else? OK, Visual Studio has its own update mechanism. Edge is part of the OS, isn't it?
reply
nobodyandproud
32 minutes ago
[-]
You mean…service packs?
reply
naturalmovement
1 hour ago
[-]
Sounds like a lot but compare it to Edge also being patched for 428 Chromium CVEs this month.

If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn't have believed it.

If Chromium has that many security bugs, perhaps the move fast and break things approach of spraying diarrhea masquerading as code into a keyboard — in a rush to add new features no one asked for — needs to be reexamined.

reply
tokioyoyo
51 minutes ago
[-]
20 years ago software wasn't as much battle tested as today, had way less feature set, was less connected to the internet, and etc. 428 CVEs looks small, assuming not all have CVSS 9.8 or something.
reply
lousken
28 minutes ago
[-]
It was more tested as real testers were testing it. Nowadays, AI just checks the code.
reply
dylan604
57 minutes ago
[-]
Even if it had the Microsoft logo attached? Windows was always known to not be the most secure of products. I can't imagine anything else from the same company would be any better
reply
naturalmovement
54 minutes ago
[-]
You need to recalibrate your calendar. It's not 2003 anymore.

Open source has proven over that time that the community can produce just as awful software and that many eyeballs are not in fact looking at it.

reply
georgemcbay
57 minutes ago
[-]
> If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn't have believed it.

For something as complex as an operating system or a web browser, even one from 20 years ago (say, Windows XP or IE/Firefox) I wouldn't have believed there were 428 vulnerabilities either, I would have assumed there were much more than that.

reply
freitasm
1 hour ago
[-]
I wonder how many bugs will be introduced with these fixes...
reply
ronsor
48 minutes ago
[-]
No bugs, only intentional backdoors
reply
gerdesj
1 hour ago
[-]
"Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence."

If only real intelligence found the fucking things instead.

As ye sew, so shall ye reap!

reply
d0100
1 hour ago
[-]
An employee just got phished by adding a number to a legitimate deviceAdd login route that bypasses 2FA and adds a device with full access to office and mail

Probably working as intended...

reply
xorl
57 minutes ago
[-]
I always click NO to these, that's full human error. edit: The underlying issue is that they send a 2FA before asking for a password at all.
reply