Microsoft revamps Windows vulnerability program to reduce exposure

By using the power of artificial intelligence (AI), Microsoft promises to roll out more patches to better protect Windows users.
“The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Pavan Davuluri, Executive Vice President Windows and Devices at Microsoft, says in a lengthy blog post.
The fastest way to reduce customer exposure is to find and patch security issues before hackers can exploit them. Therefore, the Redmond-based tech company is expanding its ability to identify and fix zero-day bugs and other security vulnerabilities.
To reduce the window between discovering and patching bugs, Microsoft will be using Microsoft Security’s Multi-model Agentic Scanning Harness (MDASH), a system that scans critical Windows files for vulnerabilities using AI models from multiple companies.
In parallel, the tech behemoth will collaborate more closely with the Microsoft Security Response Center (MSRC) to boost vulnerability discovery and patching, and will look into its internal systems and practices to improve its operating system Windows before new features and updates are released.
“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release. This is evidence that defenders are getting better at identifying and addressing issues. Our focus is to effectively utilize these AI tools to support faster protection, stronger engineering systems, and more actionable guidance for customers,” Davuluri promises.
In addition, customers will be given more ways to test, deploy, and monitor updates in their own environments. If needed, Microsoft’s customer service and support are ready to receive reports of any issues.
“As the pace of vulnerability discovery increases, customers shouldn’t have to choose between speed and stability. Our job is to help customers stay protected while deploying updates with confidence. Windows will continue investing in the systems, engineering practices, and platform protections needed to reduce exposure responsibly at global scale,” Davuluri concludes his blog post.
In April, Oracle announced to release critical security updates monthly instead of once per quarter.
“The latest generation of AI is transforming how software vulnerabilities are identified and fixed, increasing the speed and scale of discovery and remediation,” the tech company explained.