Microsoft warns attackers are increasingly using AI to accelerate exploitation of newly disclosed vulnerabilities, shrinking the time organizations have to deploy patches.
Jeremy Chapman, a director at Microsoft 365, said users and organizations should rethink the long-standing practice of delaying updates to avoid potential software issues.
Microsoft has recommended deploying Windows quality updates within three days of release. According to Windows Latest, Chapman said that “the risk is real. Total addressed vulnerabilities have been on the rise since April this year.”
According to Microsoft, the number of vulnerabilities addressed in its monthly Patch Tuesday releases reached 206 fixes in June 2026 and 570 fixes in July 2026.
Microsoft turns to AI to fight AI-powered attacks
The company is also relying on artificial intelligence to strengthen Windows security.
Microsoft has developed an internal AI-powered system called MDASH, which combines more than 100 AI agents with frontier and smaller language models to inspect Windows code for suspicious patterns and identify security flaws.
The company reported that the platform achieved an 88.45% success rate of uncovering complex vulnerabilities that span multiple source files, helping engineers find issues that would otherwise be difficult to detect. The increased use of AI on both sides of cybersecurity means Microsoft expects security updates to remain frequent as more vulnerabilities are discovered and patched.
A difficult balance for IT teams
The new recommendation could present a challenge for organizations that routinely postpone updates to avoid disruptions.
Many businesses intentionally delay Patch Tuesday releases because some Windows updates have introduced compatibility problems or application failures. Windows Latest pointed to the June 2026 cumulative update, which reportedly caused issues for some third-party applications integrating with Microsoft Office.
Microsoft said it is working to improve update quality and is expanding technologies such as hotpatching for Windows 11 Enterprise, allowing some security updates to install without requiring a reboot.
Must-read security coverage
- UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
- Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
- How GitHub Is Securing the Software Supply Chain
- 8 Best Enterprise Password Managers
A shrinking tradeoff for users
Microsoft’s latest guidance highlights a growing dilemma for Windows users and businesses. Delaying updates can reduce the risk of software compatibility problems, but it also leaves systems exposed during the period when attackers are most likely to weaponize newly disclosed vulnerabilities.
For consumers, most Patch Tuesday updates install automatically unless paused. Organizations with managed Windows devices still have flexibility, but Microsoft’s message suggests that long deferral periods are becoming increasingly difficult to justify as AI shortens the gap between vulnerability disclosure and active attacks.
More News: China’s warning over Anthropic’s Claude Code highlights a growing challenge for APAC organizations: securing AI coding tools amid rising geopolitical and cybersecurity tensions.