ON
← Nazaj na pregled
Microsoft popravi rekordno število varnostnih ranljivosti, pri čemer navaja uporabo AI
United States💻 Tehnologijapred 6 urami

Microsoft popravi rekordno število varnostnih ranljivosti, pri čemer navaja uporabo AI

Microsoft je v svoji najnovejši posodobitvi "Patch Tuesday" objavil rekordnih 570 varnostnih popravkov za vse svoje izdelke, vključno z Windowsom in Officeom. To nenavadno veliko število popravkov je bilo pripisano povečani uporabi umetne inteligence (AI) s strani inženirjev Microsofta za prepoznavanje skritih ranljivosti v njegovi programski opremi. Vsaj dve od teh pomanjkljivosti so bile razvrščene kot zero-day exploits, kar pomeni, da jih so jih hekerji že aktivno uporabljali proti sistemom. Ena ranljivost je omogočila napadalcem, da pridobijo upravni dostop do Windows Serverja, medtem ko je druga prizadela Microsoftovo platformo SharePoint, ki jo je ameriška agencija za kibernetsko varnost in varnost infrastrukture (CISA) potrdila, da je aktivno izkoriščena. Microsoft je dejal, da orodja AI omogočajo hitrejše odkrivanje prej neznanih težav, kar vodi do večjih količin varnostnih posodobitev v prihodnjih izdaj.

Microsoft released a record number of security patches this week, addressing 570 vulnerabilities across its Windows, Office, and other products. The update, delivered on Tuesday as part of its regular “Patch Tuesday” schedule, marks one of the largest batches of security fixes in recent history. The company attributed the surge in vulnerabilities to its growing reliance on artificial intelligence tools to identify potential weaknesses in its software. According to internal reports, at least two of the newly discovered flaws are classified as zero-day exploits, vulnerabilities that attackers can exploit before developers become aware of them. One of these bugs affects Windows Server, enabling unauthorized users to elevate their privileges from a standard account to administrative control. Another flaw impacts SharePoint, a widely used file-sharing platform. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings that cybercriminals are already leveraging this vulnerability to breach organizational networks. This latest round of patches follows a broader shift in Microsoft's approach to cybersecurity. Last week, the company announced in a blog post that it anticipated a significant increase in the number of security updates due to the integration of AI into its threat detection and analysis processes. The move reflects a larger trend among major tech firms to harness machine learning and automation to improve the speed and accuracy of identifying and mitigating security risks. Pavan Davuluri, head of Windows, emphasized that the rise in detected vulnerabilities is a direct result of enhanced defensive capabilities. “As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” he stated. This sentiment aligns with growing concerns within the cybersecurity community that AI-driven tools are uncovering long-standing flaws in legacy systems, some of which date back several decades. Security researchers have noted that AI models trained specifically for cybersecurity applications are capable of scanning vast amounts of code for patterns that might indicate hidden vulnerabilities. These models can detect anomalies that human analysts might overlook, particularly in complex or aging codebases. Microsoft’s Windows operating system, for instance, contains millions of lines of code developed over multiple generations, making it a prime target for such analyses. The increased frequency of critical vulnerabilities underscores the evolving nature of digital threats. As AI becomes more sophisticated, both defenders and attackers are adapting their strategies. While Microsoft’s use of AI aims to bolster security, it also highlights the challenges of maintaining robust defenses in an increasingly interconnected and automated world. Organizations must remain vigilant, ensuring that their systems are regularly updated and monitored against emerging threats. Looking ahead, Microsoft plans to continue expanding its AI-powered security initiatives. The company has already begun testing new tools designed to automate parts of the vulnerability assessment process, reducing the time required to identify and address security gaps. Industry experts suggest that while these advancements offer clear benefits, they also require careful implementation to avoid introducing new risks through misconfigurations or unintended side effects.

Kako je poročala vsaka stran

Isti dogodek, razvrščen po političnem nagibu medijev, ki so o njem poročali.

Kako je poročala vsaka stran

Podprite neodvisne novice z zavedanjem pristranskosti in odklenite družbeni utrip, glasovanje skupnosti in svoj prilagojen pregled Zame.

Postani podpornik

Poročanje po svetu

Isti dogodek, kot so ga poročali v drugih državah.

Poročanje po svetu

Podprite neodvisne novice z zavedanjem pristranskosti in odklenite družbeni utrip, glasovanje skupnosti in svoj prilagojen pregled Zame.

Postani podpornik

Preverjanje trditev

Ključne dejanske trditve in koliko virov jih potrjuje oz. zavrača.

Preverjanje trditev

Podprite neodvisne novice z zavedanjem pristranskosti in odklenite družbeni utrip, glasovanje skupnosti in svoj prilagojen pregled Zame.

Postani podpornik

Pojdite k primarnim virom (2)

Uradni viri, na katerih temelji poročanje. Preberite jih neposredno in se izognite uokvirjanju.

1 poročil

TechCrunch logoTechCrunchNeodvisenSredinapred 6 urami
Microsoft popravi rekordno število varnostnih ranljivosti, pri čemer navaja uporabo AI

Microsoft je v svoji najnovejši posodobitvi "Patch Tuesday" objavil rekordnih 570 varnostnih popravkov za vse svoje izdelke, vključno z Windowsom in Officeom. To nenavadno veliko število popravkov je bilo pripisano povečani uporabi umetne inteligence (AI) s strani inženirjev Microsofta za prepoznavanje skritih ranljivosti v njegovi programski opremi. Vsaj dve od teh pomanjkljivosti so bile razvrščene kot zero-day exploits, kar pomeni, da jih so jih hekerji že aktivno uporabljali proti sistemom. Ena ranljivost je omogočila napadalcem, da pridobijo upravni dostop do Windows Serverja, medtem ko je druga prizadela Microsoftovo platformo SharePoint, ki jo je ameriška agencija za kibernetsko varnost in varnost infrastrukture (CISA) potrdila, da je aktivno izkoriščena. Microsoft je dejal, da orodja AI omogočajo hitrejše odkrivanje prej neznanih težav, kar vodi do večjih količin varnostnih posodobitev v prihodnjih izdaj.

Ocena pristranskosti (Sredina): Članek se osredotoča na tehnološki napredek v kibernetski varnosti in ne predstavlja nobene politično nabite vsebine ali zavzema stališča o spornih vprašanjih.

Ohranimo novice poštene.

ObjectiveNews financirajo bralci in je brez oglasov – pristranskost vam pokažemo, ne skrijemo. Podprite neodvisno novinarstvo za 5 €/mesec.

Postani podpornik

Povezane zgodbe