Dustin Childs
Coverage of Dustin Childs in the Nexus archive.
- Microsoft breaks Patch Tuesday record with 206 vulnerabilities
Microsoft released 206 vulnerabilities in its latest Patch Tuesday update, the largest monthly batch on record. Experts warn this reflects a growing trend of software flaws, with AI playing a role in discovery and patching. The update included three publicly known vulnerabilities and one actively exploited zero-day in Microsoft Defender.
- Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
Palo Alto Networks used AI to scan its codebase and found 75 security holes, while Microsoft's AI-powered bug hunting system MDASH found 17 vulnerabilities. This increase in vulnerability detection is expected to lead to more patches and work for admins. The use of AI in bug hunting is becoming more prevalent among security vendors.
- Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs
Microsoft released fixes for 137 CVEs, including 30 critical flaws, with 14 earning a 9.0 or higher CVSS severity rating. The company's AI bug hunting system, MDASH, found 16 of the vulnerabilities addressed in this month's release. Microsoft admins are expected to face a lot more work in applying and testing the patches.
- Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
Microsoft addressed 137 vulnerabilities in its May Patch Tuesday update, including 13 rated critical, with no actively exploited zero-days reported. The vulnerabilities affect various Microsoft products and components, such as Azure and Microsoft Dynamics 365. Researchers attribute the high volume of vulnerabilities to the growing use of artificial intelligence models in finding previously uncovered defects.
- NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
NIST has narrowed its focus for analyzing CVEs to prioritize those in CISA's catalog, federal government software, and critical software under Executive Order 14028 due to an overwhelming increase in vulnerabilities. The change aims to stabilize the NVD program amid backlogs and funding challenges, shifting away from automatically enriching non-priority CVEs.
- Microsoft drops its second-largest monthly batch of defects on record
Microsoft released its second-largest monthly batch of security patches, addressing 165 vulnerabilities, including a zero-day flaw in SharePoint actively exploited in the wild. The update highlighted a surge in AI-discovered vulnerabilities and included high-severity flaws in Microsoft Defender and Windows IKE Extension.