Microsoft’s patch Tuesdays are about to get bigger

Microsoft’s patch Tuesdays are about to get bigger

微软的“补丁星期二”规模即将扩大

Windows 11 updates could soon include fixes for more security issues at once. Microsoft said in a blog post on Thursday that it’s now using AI to “identify potential issues earlier,” which means “customers will see a higher volume of security updates included in each security release.” Windows 11 的更新可能很快会一次性包含更多安全问题的修复。微软在周四的一篇博客文章中表示,公司目前正在利用人工智能“更早地识别潜在问题”,这意味着“用户在每次安全发布中将看到更大规模的安全更新”。

Hackers, even amateurs, have increasingly been using AI to quickly exploit security weaknesses over the past several months. Security researchers are also using AI to find issues faster, leading to more frequent high-severity vulnerabilities, like the “Copy Fail” exploit that impacted nearly every Linux distribution in May. Similarly, when Anthropic announced its Claude Mythos model earlier this year, it claimed that Mythos had already found high-severity vulnerabilities in “every major operating system.” 在过去的几个月里,黑客(甚至是业余黑客)越来越多地利用人工智能来快速挖掘安全漏洞。安全研究人员也在利用人工智能更快地发现问题,这导致高严重性漏洞的出现频率增加,例如 5 月份影响了几乎所有 Linux 发行版的“Copy Fail”漏洞。同样,当 Anthropic 在今年早些时候发布其 Claude Mythos 模型时,该公司声称 Mythos 已经发现了“每一个主流操作系统”中的高严重性漏洞。

Microsoft says it’s updating its Secure Development Lifecycle to make sure it “explicitly accounts for potential AI-enabled attack techniques and exploit paths.” It’s also making investments to “ensure that we are not compromising update quality as we gain speed,” including integrating AI more throughout its security updates process. Additionally, Microsoft says it’s “investing in new technology including Windows-specific tools and agentic harnesses” that will help generate and validate security fixes with AI, while “keeping humans in the loop when it comes to code review.” 微软表示,公司正在更新其“安全开发生命周期”(Secure Development Lifecycle),以确保其“明确考虑到潜在的 AI 驱动的攻击技术和利用路径”。微软还在进行投资,以“确保我们在提升速度的同时不牺牲更新质量”,包括在整个安全更新流程中更深入地集成人工智能。此外,微软表示正在“投资包括 Windows 专用工具和代理框架(agentic harnesses)在内的新技术”,这将有助于利用 AI 生成并验证安全修复,同时“在代码审查环节保持人工参与”。

Microsoft emphasized that while AI will now be more involved in identifying and resolving security issues, developers will still verify those findings and “make risk-based decisions” about updates. 微软强调,虽然人工智能现在将更多地参与识别和解决安全问题,但开发人员仍将对这些发现进行验证,并针对更新“做出基于风险的决策”。