Microsoft and Others Likely to Break Bug Patch Count This Year
As everyone uses AI to find bugs several things are happening:
- Multiple people are reporting the same bug, taking time to figure out whether different reports refer to the same underlying bug.
- Hackers may flood companies with fake bug reports to distract limited resources from patching real bugs.
- Companies will find (and hopefully patch) bugs more quickly.
- Hackers will find bugs and exploit them more quickly.
- The entire process velocity will continue to increase as AI gets even better.
This week Microsoft patched over 130 bugs.
Last month they patched 173 of them.
At least for the next few years, that velocity will not slow down. In fact, it will increase.
Microsoft announced a new AI driven bug hunting tool they are using internally called MDASH. It found 16 of the vulnerabilities that were patched this month. This included four rated critical, all without any human finding them first.
One of the problems this will cause (which we already saw this month) is that as companies try to keep up with the tidal wave of bugs, patch quality will go down, causing crashes and system failures. That means backups are even more important than ever.
As a user organization, this means that you need to review your patch hygiene and not just for Microsoft products because hackers will reverse engineer these patches using AI as well and very quickly discover how to exploit unpatched systems.
If you need assistance, please contact us.
Credit: The Record – https://therecord.media/microsoft-on-pace-to-break-annual-vulnerability-record-ai
by 