
"Microsoft released fixes for 137 CVEs on Tuesday, none of which are known to have been targeted by attackers. But the news is not all good as Redmond rated a whopping 30 flaws as critical, with 14 earning a 9.0 or higher CVSS severity rating, including one perfect 10."
"'This month's release sits on the larger side of a hotpatch month, and we expect releases to continue trending larger for some time,' Tom Gallagher, VP of engineering at Microsoft Security Response Center, said in a note on this month's Patch Tuesday."
"Microsoft also said its secret-until-now AI bug hunting system, codenamed MDASH, found 16 of the vulnerabilities addressed in this month's release. Redmond additionally announced it is making the tool available to a limited number of customers in private preview, along the lines of Anthropic's Mythos and Project Glasswing."
"First up: CVE-2026-41096. This one is a critical, 9.8-rated Windows DNS Client remote code execution (RCE), and while Redmond says exploitation is "unlikely," we'd suggest patching it ASAP. It's due to a heap-based buffer overflow, and no authentication or user interaction is needed to exploit it (it's done by sending a specially crafted DNS response to a vulnerable system), potentially leading to memory corruption and RCE."
Microsoft released fixes for 137 CVEs, none of which are known to have been targeted by attackers. Thirty of the flaws are rated critical, and 14 carry CVSS scores of 9.0 or higher, including one scored a perfect 10. The release is larger than a typical hotpatch month, and Microsoft expects releases to keep growing, so patching and testing workloads are likely to increase. Microsoft also said that AI is now finding more bugs than before: its AI bug-hunting system, codenamed MDASH, identified 16 of the vulnerabilities addressed in this month's fixes, and MDASH is being made available to a limited number of customers in private preview. The highlighted issue is CVE-2026-41096, a 9.8-rated Windows DNS Client remote code execution vulnerability caused by a heap-based buffer overflow that is triggered by a specially crafted DNS response, with no authentication or user interaction required.
#microsoft-patch-tuesday #vulnerability-management #windows-dns-client #ai-bug-hunting #cve-security
Read at theregister