Among the 198 vulnerabilities are 32 critical ones and three publicly disclosed zero-day flaws, so you'll want to install this update ASAP.
Microsoft's monthly Patch Tuesday updates typically fix a number of security bugs, which is why Windows users should almost always install them. But this month boasts a new record with 198 vulnerabilities being patched, the largest in recent history. And with many of the flaws rated critical and three already publicly disclosed, you'll definitely want to grab this one.
As usual, this month's updates are described in three separate KB articles -- KB5094126 for Windows 11 24H2 and 25H2, KB5093998 for Windows 11 23H2, and KB5094127 for Windows 10. Since these are mandatory updates, they will automatically download and install. But you should still double-check, especially since you have to reboot your PC for them to take effect.
In Windows 11, head to Settings and select Windows Update. If the status indicates a pending restart, then just reboot your computer. Otherwise, click the button to check for updates and allow them to run. For Windows 10, you need to be enrolled in the Extended Security Updates (ESU) program. In that case, go to Settings and select Update & Security. If necessary, click the button to check for updates and let them download and install.
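The same check can be done from a PowerShell prompt instead of the Settings app. This is an added example, not part of the original article: it picks the KB the article names for the running Windows release, then reports whether it is installed and whether a restart is still pending. The registry locations used for the release name and the reboot markers are the standard Windows ones and are assumptions not mentioned in the article.

```powershell
# Added example. The KB numbers come from the article; the registry paths are
# standard Windows locations assumed here, not taken from the article.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build   = [int]$cv.CurrentBuildNumber
$release = $cv.DisplayVersion            # for example 23H2, 24H2, 25H2

# Windows 11 reports build 22000 or higher; Windows 10 builds are lower.
$kb = if ($build -ge 22000) {
    switch ($release) {
        '24H2'  { 'KB5094126' }
        '25H2'  { 'KB5094126' }
        '23H2'  { 'KB5093998' }
        default { $null }                # release not covered by the article
    }
} else {
    'KB5094127'                          # Windows 10, delivered only with ESU enrollment
}

if (-not $kb) {
    Write-Warning "No KB listed in the article for Windows release '$release' (build $build)."
    return
}

# Get-HotFix returns nothing (with the error suppressed) when the KB is absent.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Either key existing means Windows is waiting for a restart to finish servicing.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

[pscustomobject]@{
    Release       = $release
    Build         = $build
    ExpectedKB    = $kb
    Installed     = [bool]$hotfix
    InstalledOn   = $hotfix.InstalledOn
    RebootPending = $rebootPending
    # The update only takes effect once it is installed and the restart is done.
    Protected     = ([bool]$hotfix -and -not $rebootPending)
}
```

A `Protected` value of `False` with `Installed` set to `True` means the update is on disk but the restart has not happened yet.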
Why and how did Microsoft squash a record number of bugs this month? The answer is AI. Tech companies are increasingly using models like Anthropic's Claude Mythos to help find and fix more vulnerabilities, much more quickly than in the past. In April, Mozilla patched 271 security flaws in Firefox, assisted by an early version of Claude Mythos Preview.
"The unusually high volume of disclosures reflects a broader trend in vulnerability research, where advances in AI-assisted analysis and initiatives such as Mythos are helping researchers uncover flaws at a much faster pace than before," patch management provider Action1 said in an advisory.
As for the bugs themselves, the patches for the 32 critical ones offer reason enough to install the update. But the three zero-days amp up the severity because they're publicly disclosed. That means they haven't yet been actively exploited in the wild, but details on them were publicly available before Microsoft resolved them, so attackers could exploit them on PCs that haven't been patched.
