Microsoft patches 622 flaws, including SharePoint bugs›via IT Brief Australia
thehackernews.comMicrosoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
thehackernews.comMicrosoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack




BackBox.orgCursor IDE Auto-Executes Malicious Code in Poisoned Repos





Microsoft released its July 2024 Patch Tuesday update, fixing a record 570 security vulnerabilities, including three zero-day flaws. The update nearly triples the previous record set last month, according to Hacker News and Krebs on Security. Among the patches are fixes for two zero-days that have been actively exploited in attacks, as well as one publicly disclosed vulnerability. The exploited bugs affect Active Directory and SharePoint Server, while the disclosed zero-day involves BitLocker, BleepingComputer reported. Nearly 60 of the patched vulnerabilities are rated as critical, meaning they allow remote code execution, according to Hacker News and Krebs on Security. "Microsoft attributed the surge in vulnerability discoveries to the use of artificial intelligence in security research." The company has increasingly turned to AI-powered analysis to identify flaws in its software, a shift that helps explain the historically high patch count this month. The July update dwarfs even the previous record-smashing release in June, which had already alarmed security teams. BackBox.org noted that the patch count is "almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month." The sheer volume underscores the rapidly growing challenge of securing modern software, though Microsoft insists the trend reflects better detection rather than worsening code quality. Users are advised to apply the updates as soon as possible, especially given the active exploitation of two zero-days. Administrators managing Active Directory or SharePoint should prioritize those patches, BleepingComputer emphasized.


thehackernews.com11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
The weakest point in financial security may not be a brokerage account password but a far less obvious vulnerability.
New MCP specification kills old risks but opens fresh attack surfaces, Akamai finds - SiliconANGLE


undercodetesting.com3d ago









