- If I find a bug in very important MS products, I usually do report them using their shitty feedback app. Not once has any of that yielded anything.
Maybe a way to find tons of high impact bugs would be to let MS developers access those bug reports?
- It seems like bug hunting might be the one area where AI is actually making the world a better place.
by ReactiveJelly
0 subcomment
- They should patch that Global Device ID thing
:^)
by fuckinpuppers
2 subcomments
- This is great. Now ask Mythos to make windows suck less and let it go crazy.
- If you want an easy way to view these I made https://wofa.dev to keep track of windows updates and security patches in a single place
by 1vuio0pswjnm7
0 subcomment
- The attack surface of Windows is infinite
As one door closes, another opens
"Features"
"Fixes"
Job security
Security holes
The threat model is Microsoft
by kingforaday
0 subcomment
- Full July 2026 Summary: https://www.bleepingcomputer.com/microsoft-patch-tuesday-rep...
- Gets me wondering if it is real or they just got a backlog quick fixes dropped so it looks like AI bug hunting really works to prop up their AI bullshit narrative.
- I wonder how many bugs will be introduced with these fixes...
- How many are chained, and how many patches are defense-in-depth after discovering chained paths to that flaw?
- It would be nice if microsoft had windows update for .net, visual c++, office, windows, edge ... just all their software in one updater, but that would be too easy...
by naturalmovement
7 subcomments
- Sounds like a lot but compare it to Edge also being patched for 428 Chromium CVEs this month.
If 20 years ago you told me a single piece of software had 428 vulnerabilities I wouldn't have believed it.
If Chromium has that many security bugs, perhaps the move fast and break things approach of spraying diarrhea masquerading as code into a keyboard — in a rush to add new features no one asked for — needs to be reexamined.
- Title is not correct. Microsoft didn't patch a lot of this, they're reporting patches for dependencies that other people patched and Microsoft are inheriting.
For example, Mariner (now branded Azure Linux) is a Microsoft-supported Linux distribution. So in this list of 570 vulnerabilities, Microsoft have reported 100 vulnerabilities inherited from all sorts of open source software projects included in their Azure Linux distribution. The OpenSSH vulnerabilities are described in better detail at https://www.openssh.org/releasenotes.html where it implies 2 vulnerabilities were detected with Swival Security Scanner (using LLMs) and another 6 by other researchers/companies (using undisclosed methods).
As an example of one of the OpenSSH vulnerabilites CVE-2026-59996 which is attributed to Swival Security Scanner, Swival have published the output of their automated vulnerability detection report at https://github.com/Swival/security-audits/blob/main/openssh/...
by shevy-java
2 subcomments
- It is time to abandon Microsoft.
- "Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence."
If only real intelligence found the fucking things instead.
As ye sew, so shall ye reap!
- An employee just got phished by adding a number to a legitimate deviceAdd login route that bypasses 2FA and adds a device with full access to office and mail
Probably working as intended...