Particle.news

Microsoft Requires Faster Windows Patching After AI-Driven Exploit Risk

The company says quality updates must be installed within three days because attackers can use AI to turn public vulnerability disclosures into working exploits in hours.

Overview

  • Microsoft has updated enterprise deployment guidance to require quality updates be deployed within three days, setting update deadlines to zero or one day and a maximum two-day grace period to close the window for fast AI-powered attacks.
  • Microsoft says it is using an internal multi-model agent system called MDASH to hunt bugs by running staged scans, cross-checking findings with several AI models, and using a prover step to reduce false positives.
  • MDASH has publicly flagged 16 previously unknown Windows bugs, including four critical remote‑code‑execution flaws, and Microsoft reported a record 206 patched vulnerabilities in June 2026 as discovery rates rise.
  • IT teams face a trade-off because some admins routinely delay updates after unstable releases; Microsoft is testing hotpatching for Windows 11 Enterprise and urging use of Autopatch, Intune reporting, and Conditional Access to reduce disruption while speeding rollouts.
  • Microsoft extended Windows 10 Extended Security Updates to October 12, 2027 for version 22H2 users, and the company and security teams warn the shift signals a broader arms race where defenders and attackers both leverage AI, increasing the need for faster, automated patching.