Microsoft has pushed out a record-sized security update, releasing fixes for 570 flaws across Windows, Office, and other product lines. The company connected the unusually large batch to its use of AI in finding previously undiscovered vulnerabilities in its own software.
The update arrived as part of Microsoft’s monthly security release, widely known among security researchers as Patch Tuesday. The scale of the release matters because it shows how AI is starting to change the pace of vulnerability discovery, especially inside software that has been built and maintained over many years.
A Record Patch Tuesday
Microsoft issued patches for 570 security flaws this week. The fixes covered Windows, Office, and other Microsoft technology product lines.
Patch Tuesday is the company’s regular monthly release of security fixes. For customers, it is the point in the month when many organizations review, test, and deploy Microsoft updates across their systems.
This month’s release stood out because of its size. Microsoft had already said in a blog post a week earlier that its usual batch of monthly security patches was expected to be far higher in number than before.
The company said the increase was connected to AI-assisted vulnerability discovery. In plain terms, Microsoft is using AI to help employees find software bugs that might otherwise remain hidden.
Two Zero-Days Raise The Stakes
At least two of the vulnerabilities are classified as zero-days. A zero-day is a security flaw that was exploited before Microsoft knew about it.
One bug affects Windows Server. According to the source article, it allows hackers to escalate their privileges from a limited user to a system administrator.
Another bug affects the SharePoint file sharing server. The U.S. government’s cybersecurity agency CISA warned that hackers were actively exploiting the bug to compromise organizations.
Those details make the update more than a routine maintenance event. A large patch release can contain issues of different severity, but actively exploited flaws require particular attention because attackers have already used them in the real world.
Why AI Means More Bugs Are Being Found
Microsoft linked the larger patch volume to AI helping defenders uncover more issues. Windows boss Pavan Davuluri explained the shift directly:
“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” said Windows boss Pavan Davuluri.
The logic is straightforward. If AI tools help security teams search code more effectively, they can surface vulnerabilities that were previously missed. That does not necessarily mean software suddenly became less secure. It can also mean defenders are getting better at finding problems already present in the code.
The source article notes that security researchers are increasingly using advanced AI models focused on cybersecurity to uncover vulnerabilities that may have been dormant in software code for years, if not longer.
That point is especially relevant for Microsoft. Parts of Windows code date back decades, according to the source article. Older and widely used software can contain deep layers of legacy code, and AI-assisted review may expose flaws that conventional processes did not catch earlier.
What Customers Should Take From This
The immediate takeaway is simple: Microsoft customers have a large set of security updates to review. The release includes fixes for Windows, Office, SharePoint, Windows Server, and other Microsoft product lines.
For organizations, the presence of at least two zero-days changes the urgency. One involves privilege escalation on Windows Server. Another affects SharePoint and has drawn a warning from CISA about active exploitation.
The broader message is that patch volume may keep rising as AI becomes more useful for defenders. Microsoft has already warned that customers will see more security updates in each security release as AI helps discover more issues.
That creates a practical challenge. More discovered vulnerabilities can mean better long-term security, but it also means customers need disciplined patch management. Larger monthly updates may require more review, more testing, and faster action when exploited bugs are included.
A Shift In Security Work
This release shows a change in how software security work is being done. AI is not only a tool that attackers may use; Microsoft is presenting it here as a tool for defenders.
When AI helps find flaws in widely deployed software, the result can be a larger patch queue. That may feel like more work for customers, but it also brings hidden vulnerabilities into the open where they can be fixed.
Krebs on Security first reported the news. The key development is that Microsoft is tying a record number of patches to AI-assisted discovery, and telling customers to expect higher volumes of security updates as that process improves.