Microsoft Fixes Record 570 Security Flaws in Biggest Patch Tuesday Ever

The bug apocalypse has officially descended upon Redmond.
Microsoft’s July 2026 Patch Tuesday fixes a record 570 security vulnerabilities, including three zero-day flaws, two of which were already being exploited before patches became available.

Microsoft Fixes Record 570 Security Flaws in Biggest Patch Tuesday Ever

Microsoft Fixes Record 570 Security Flaws in Biggest Patch Tuesday Ever

The bug apocalypse has officially descended upon Redmond.

Microsoft’s July 2026 Patch Tuesday fixes a record 570 security vulnerabilities, including three zero-day flaws, two of which were already being exploited before patches became available.

The update addresses 59 critical vulnerabilities, with remote code execution (RCE) flaws accounting for the majority of the highest-risk issues. Microsoft also fixed hundreds of elevation of privilege, information disclosure, denial-of-service, spoofing, and security bypass vulnerabilities affecting Windows and other products.

The release continues a sharp upward trend in vulnerability disclosures. Windows Latest noted that Microsoft has patched 1,308 vulnerabilities during the first seven months of 2026, almost double the same period last year, after Microsoft expanded its use of AI-assisted vulnerability discovery..

Two exploited zero-days demand immediate attention

The most urgent fixes cover two vulnerabilities Microsoft confirmed were under active attack.

The first, CVE-2026-56155, affects Active Directory Federation Services (AD FS) and allows an authenticated attacker to elevate privileges to administrator level.

The second, CVE-2026-56164, impacts Microsoft SharePoint Server, where missing authentication for a critical function enables an attacker to elevate privileges remotely. Microsoft recommends enabling the Antimalware Scan Interface (AMSI) and configuring Request Body Scan mode to Full as a mitigation measure.

Microsoft also patched CVE-2026-50661, a publicly disclosed BitLocker security feature bypass that could allow someone with physical access to a device to access encrypted data.

Alongside the zero-days, the July release includes numerous critical remote code execution vulnerabilities affecting Windows, SharePoint, Exchange Server, Dynamics, Microsoft Defender, Media Foundation, and other enterprise technologies.

Experts urge organizations to move quickly

Security researchers say the scale of this month’s release leaves little room for delay.

“To call this record-breaking is a massive understatement — this is the ‘Mother of All Releases’. The bug apocalypse has fully descended upon us, with July’s numbers pushing the year-to-date CVE count past every single full-year total of the last 20 years,” Dustin Childs, Head of Threat Awareness at Zero Day Initiative, told TechRepublic in a statement.

“Security teams need to take an extended break from their regularly scheduled activities to eat this elephant one byte at a time, starting immediately with active exploits in AD FS and SharePoint.”

Jack Bicer, Director of Vulnerability Research at Action1, warned that defenders are now facing a different challenge. “For defenders, this means the challenge is no longer just keeping up with attackers, but also keeping pace with an accelerating stream of security fixes. With three zero-days already being exploited in the wild, this month’s updates should be treated as a high priority,” Bicer told TechRepublic.

Amol Sarwate, Head of Security Research and REDLab at Cohesity, said the concentration of critical flaws reflects a broader shift. “The concentration of high-impact RCEs across the entire install base in a single release reflects the AI-assisted vulnerability discovery trend Microsoft has acknowledged and highlights the limitations of the CVSS-plus-severity triage model that many defenders still rely on,” Sarwate said in a comment to TechRepublic.


Advertisement

More Microsoft news

AI is changing both offense and defense

Microsoft recently acknowledged that attackers are increasingly using AI to discover vulnerabilities faster, while the company is deploying its own AI-powered system (MDASH) to identify flaws before they can be exploited.

The company has already warned organizations to shorten Windows update deferral periods, arguing that the window between vulnerability disclosure and exploitation is shrinking significantly.

For Windows 11 users, July’s update also introduces several non-security improvements, including Secure Boot enhancements, an updated curl utility, Remote Desktop security improvements, and fixes for Office compatibility and networking issues.

The bigger picture

This Patch Tuesday marks more than a record-breaking release. It signals that security teams may need to rethink patch management strategies as AI appears to be increasing both the speed of vulnerability discovery and the volume of fixes vendors release.

For businesses, delaying updates now carries greater operational risk, especially for organizations running internet-facing services such as SharePoint, AD FS, Exchange, or Dynamics. While larger monthly updates can increase testing workloads and the risk of compatibility issues, this release suggests rapid deployment is becoming just as important as careful validation in modern enterprise security.

Also read: Windows 11 updates should now be installed within three days, Microsoft says, as AI-assisted attacks shrink the time between disclosure and exploitation.

About Author

What do you feel about this?

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.