Microsoft admits AI is exploiting Windows 11 bugs in hours, warns against delaying updates past 3 days

Peer Networks UK Windows Latest Microsoft admits AI is exploiting Windows 11 bugs in hours, warns against delaying updates past 3 days

Microsoft no longer wants you to hit the brakes on Windows updates and choose to install them whenever you feel like it. That era is gone, largely because attackers are using AI to quickly exploit vulnerabilities in Windows 11, and you need to be prepared. Ahead of Patch Tuesday, the company said nobody should delay Windows updates for more than three days.

Microsoft used to patch fewer than 100 security issues in Windows and other products during Patch Tuesday. But that appears to have changed lately. For example, if you look at the table below, Microsoft patched 64 bugs in February, 81 in March, 169 in April, 120 in May, and the number shot up to 206 in June 2026.

Month (2026) Flaws Fixed Zero-Days Addressed Total
January 114 3 117
February 58 6 64
March 79 2 81
April 167 2 169
May 120 0 120
June 200 6 206

If you look closely, you’ll realize that the number of fixes is increasing, which is a good thing, but it also means more bugs are being found. Does that mean Windows is suddenly more vulnerable? No. According to a Microsoft 365 director, bad actors are now using AI to find bugs and exploit vulnerabilities on unpatched systems.

Microsoft is also using AI to find and patch these bugs, but that means you’ll need to be more careful with your approach to Patch Tuesday.

According to Jeremy Chapman, a director at Microsoft 365 who works closely with the Windows team on enterprise updates, consumers and organizations may want to delay security patches for a few days, and it’s a common practice for some, but “it shouldn’t be” any longer.

“The risk is real,” Jeremy warned. “Total addressed vulnerabilities have been on the rise since April this year.”

Microsoft says it’s prepared to fight back with its own AI system that identifies bugs in Windows

If you’ve been following AI development, you might be aware that Claude Mythos found 271 verified security vulnerabilities in Firefox and over 400 in Cloudflare, which should tell you that nobody in the industry is protected. Microsoft understands that very well, as it’s one of the companies that has pushed AI since day one.

Microsoft has built an AI system called MDASH, which brings together frontier and smaller models with more than 100 AI agents to find bugs in Windows.

AI models for security

MDASH inspects Windows code for suspicious patterns, and all agents in the system argue with each other to diagnose real issues.

MDASH

The system is particularly useful for complicated Windows bugs that are spread across multiple functions or source files. For example, MDASH identified a remotely exploitable use-after-free vulnerability in tcpip.sys that involved object ownership, concurrent cleanup operations, and attacker-controlled network packets.

According to Microsoft, its AI system MDASH achieved an 88.45% success rate, which is quite impressive. It also means future Patch Tuesday updates could become larger as Microsoft finds more vulnerabilities.

Microsoft recommends deploying Windows updates within three days

Security problems with Windows or any other product aren’t new, but the number of vulnerabilities is increasing rapidly, while the way people install updates has not changed.

Once a vulnerability is publicly documented, AI can help attackers analyze the issue and develop an exploit within hours. This is why Microsoft no longer wants organizations to leave Windows PCs unpatched for weeks.

Jeremy Chapman, a director at Microsoft 365, shared the following message with IT admins:

“To address this, we’ve updated our recommendations for deploying Windows updates to less than three days as the deferral period for quality updates,” Jeremy Chapman, a director at Microsoft 365, noted. “Setting deadlines for those updates to zero or one day, and the update grace period to a maximum of two days.”

Windows updates are typically released twice a month. We have Patch Tuesday on the second Tuesday and an optional cumulative preview update during the last week of the month.

2026-06 Security Update (KB5094126) (26200.8655)
Example of June 2026 updates installing automatically in the background

Patch Tuesday updates are almost always installed automatically on consumer PCs, but you have the choice to defer them using Windows 11’s new calendar view for pausing updates.

Calendar to pause updates in Windows 11

IT admins have greater control over Windows updates, particularly if they use Windows 11 Pro or Enterprise. They can use Group Policy Editor to delay updates if their organization is not prepared or they simply do not want to reboot all their devices at once.

IT admins defer Windows updates because they can be buggy

It’s interesting that Microsoft won’t tell us why it has become common practice to defer Windows updates. The fact is that it’s largely because updates have been unstable lately, and the situation appears to be getting worse.

Let’s take the June 2026 cumulative update, which shipped on June 9, as an example. It wasn’t a deal-breaker for consumers, but if you used third-party apps that integrate with Office, you might not have been able to open Office apps.

Check Point, a third-party security company, confirmed that it was aware of issues with Office products following the June 2026 update.

“A new Office update has caused our injected code to dead lock which made Microsoft Office applications to sometimes freeze/crash,” a Check Point employee wrote in a forum post. “A new update will be released which will prevent the dead lock from happening, and will be deployed to versions 89.10, 89.20, 89.21 automatically in the next 24 hours.”

There have been reports of other problems as well, including issues with the Recycle Bin and a bug that blocks some users from installing the June 2026 update.

Windows 11 Recycle Bin
Windows 11 Recycle Bin identifies the wrong file name

Microsoft has promised it’ll make Windows updates better, and we’re already seeing early signs of improvement, including better-quality drivers from OEMs like Intel. In fact, Satya Nadella confirmed Microsoft will focus on the fundamentals and win back customers in the coming months.

Windows updates can be a bumpy ride in some months, but regardless of the problems you run into, it’s still recommended that you install Windows Patch Tuesday updates because the security risks of waiting are only going to get worse.

Microsoft has been testing “hotpatching” for Windows 11 Enterprise, which allows some updates to install without reboots, but this feature isn’t yet available for consumers.

What about you? Do you pause Windows updates at all? I personally pause updates only when I do not want Windows to install them while I’m shutting down the PC and going to bed.

The post Microsoft admits AI is exploiting Windows 11 bugs in hours, warns against delaying updates past 3 days appeared first on Windows Latest