"During May’s Patch Tuesday, Microsoft released fixes for 137 vulnerabilities in Windows, Azure, Dynamics 365, and other products. Although there are no reports of active exploitation, security researchers warn that several vulnerabilities require immediate attention due to their high impact. At the same time, Microsoft confirms that AI now plays a major role in detecting security issues. Of the 137 CVEs, 30 were rated "critical." Fourteen vulnerabilities received a CVSS score of 9.0 or higher. One vulnerability even received the maximum score of 10.0, though Microsoft reports that this specific issue in Azure DevOps has already been resolved on the server side."
"Microsoft notes that the number of discovered vulnerabilities has been rising for some time due to the use of automation and AI analysis. According to the company, software components are now being examined faster and on a larger scale than was possible just a few years ago. In addition, Tom Gallagher, VP of engineering at the Microsoft Security Response Center, announced for the first time an internal AI-driven scanning environment codenamed MDASH. According to SiliconANGLE, this tool helped identify sixteen of the vulnerabilities resolved this month."
"Microsoft also plans to make MDASH available to customers in a limited private preview. The company expects that Patch Tuesday releases will consequently become structurally larger. In a statement, the Microsoft Security Response Center notes that organizations should anticipate a faster pace of patches and potentially more frequent interim updates outside the regular schedule. One of the most severe vulnerabilities this month is CVE-2026-41096, a remote code execution flaw in the Windows DNS Client with a CVSS score of 9.8."
"The issue arises from a heap-based buffer overflow and can be exploited via a specially crafted DNS response. Authentication or user interaction is not required. According to security researchers, the r"
Microsoft released fixes for 137 vulnerabilities across Windows, Azure, Dynamics 365, and other products during May’s Patch Tuesday. No active exploitation was reported, but several issues require immediate attention due to high impact. Thirty CVEs were rated critical, fourteen received a CVSS score of 9.0 or higher, and one reached a 10.0 rating in Azure DevOps with server-side resolution already reported. Microsoft attributes the rising number of discovered vulnerabilities to automation and AI analysis that examine software components faster and at larger scale. Microsoft also introduced MDASH, an internal AI-driven scanning environment that helped identify sixteen vulnerabilities, and plans a limited private preview for customers. Patch Tuesday releases are expected to become structurally larger with a faster patch pace and more interim updates.
#microsoft-patch-tuesday #windows-dns-client #vulnerability-management #ai-security-scanning #cvecvss
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]