Microsoft Patches a Record 570 Security Flaws

Krebs on Security News

Summary

Microsoft released a record 570 security patches for Windows and other software, including 60 critical flaws and three zero-days, attributing the increase to AI-assisted vulnerability discovery.

<p><strong>Microsoft Corp.</strong> today released software updates to plug at least 570 security holes in its <strong>Windows</strong> operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence.</p> <p><img decoding="async" class=" wp-image-56287 aligncenter" src="https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png" alt="A picture of a windows laptop in its updating stage, saying do not turn off the computer." width="749" height="527" srcset="https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png 841w, https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate-768x541.png 768w, https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate-782x550.png 782w, https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate-100x70.png 100w" sizes="(max-width: 749px) 100vw, 749px" /></p> <p>Nearly 60 of the bugs quashed in July&#8217;s Patch Tuesday earned a &#8220;critical&#8221; severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws that are already being exploited in the wild.</p> <p>Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56155" target="_blank" rel="noopener">CVE-2026-56155</a> &#8212; an <strong>Active Directory Federation Services</strong> bug &#8212; and <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56164" target="_blank" rel="noopener">CVE-2026-56164</a>, a <strong>Microsoft Sharepoint</strong> vulnerability.</p> <p><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-50661" target="_blank" rel="noopener">CVE-2026-50661</a> is a security feature bypass in <strong>Windows BitLocker</strong> that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation.</p> <p>In a blog post on July 9, Microsoft Executive Vice President <strong>Pavan Davuluri</strong> wrote that Windows users will notice “a higher volume of security updates included in each security release” as a result of AI aiding in the discovery of vulnerabilities.</p> <p>&#8220;The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,&#8221; Davuluri <a href="https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/" target="_blank" rel="noopener">wrote</a>.<span id="more-73991"></span></p> <p><strong>Jack Bicer</strong>, director of vulnerability research at <strong>Action1</strong>, called attention to <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-48561" target="_blank" rel="noopener">CVE-2026-48561</a>, a remote code execution flaw in Microsoft Copilot (with a 9.6 CVSS threat score) that allows an unauthorized attacker to execute code over the network. Microsoft says an attacker could exploit this bug by hosting a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the site.</p> <p>As AI advances the state of vulnerability discovery and remediation, it is also making it easier for attackers to quickly devise working exploits for known software flaws. Microsoft has long labeled security bugs using its &#8220;exploitability index,&#8221; which is Redmond&#8217;s best guess as to how likely it is that attackers will be able to figure out a reliable way to exploit a given vulnerability.</p> <p>But <strong>Satnam Narang</strong>, senior staff research engineer at <strong>Tenable</strong>, argues that Microsoft&#8217;s exploitability index needs to do a better job of shifting with the machine speed of discovery. For example, Microsoft originally gave this month&#8217;s SharePoint zero-day an exploitability rating of &#8220;less likely,&#8221; although the flaw was <a href="https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog" target="_blank" rel="noopener">added</a> to CISA&#8217;s Known Exploited Vulnerabilities list on July 1.</p> <p>&#8220;Anthropic’s Red Team&#8217;s own findings for known vulnerabilities (n-days) revealed how fragile this system has become, with its Mythos Preview model being able to produce proof-of-concept exploits for 13 of 14 vulnerabilities that were rated &#8216;Exploitation Less Likely&#8217; or &#8216;Exploitation Unlikely,'&#8221; Narang said. &#8220;What this means is that our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools, and as these tools continue to improve, defense needs to improve alongside it.&#8221;</p> <p><strong>Chris Goettl</strong> at <strong>Ivanti</strong> observed that the record patch numbers from Microsoft come as a number of other major software makers are increasing their patch cadence, including Adobe which announced today it is moving to twice-monthly security bulletins published on the 2nd and 4th Tuesday of each month (Adobe also cited AI for accelerating their patch cycles). <strong>Cisco</strong>, <strong>Mozilla</strong> and <strong>Oracle</strong> also are shipping updates more frequently, while Google&#8217;s patch batches in June 2026 totaled more than 900 security fixes, Goettl noted.</p> <p>Backing up your Windows system and/or data is always a good idea before applying operating system updates. Given the volume of patches addressed this month it may be wise for end users to wait a few days before applying these fixes. It&#8217;s not uncommon for security patches to introduce system stability issues, and those chances probably increase quite a bit with the gigantic patch count released today.</p> <p>Further reading:</p> <p><a href="https://www.action1.com/patch-tuesday/patch-tuesday-july-2026/?vyi" target="_blank" rel="noopener">Action1&#8217;s Patch Tuesday blog</a></p> <p><a href="https://listen.automox.com/episodes/patch-fix-tuesday-july-2026-e34" target="_blank" rel="noopener">Automox&#8217;s rundown</a></p>
Original Article
View Cached Full Text

Cached at: 07/14/26, 10:16 PM

# Microsoft Patches a Record 570 Security Flaws Source: [https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/](https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/) **Microsoft Corp\.**today released software updates to plug at least 570 security holes in its**Windows**operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record\-smashing Patch Tuesday release last month\. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence\. ![A picture of a windows laptop in its updating stage, saying do not turn off the computer.](https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png) Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user\. Microsoft also addressed three zero\-day flaws that are already being exploited in the wild\. Two of the zero\-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include[CVE\-2026\-56155](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56155)— an**Active Directory Federation Services**bug — and[CVE\-2026\-56164](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56164), a**Microsoft Sharepoint**vulnerability\. [CVE\-2026\-50661](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-50661)is a security feature bypass in**Windows BitLocker**that could allow attackers to gain access to encrypted data if they have physical access to the device\. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation\. In a blog post on July 9, Microsoft Executive Vice President**Pavan Davuluri**wrote that Windows users will notice “a higher volume of security updates included in each security release” as a result of AI aiding in the discovery of vulnerabilities\. “The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Davuluri[wrote](https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/)\. **Jack Bicer**, director of vulnerability research at**Action1**, called attention to[CVE\-2026\-48561](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-48561), a remote code execution flaw in Microsoft Copilot \(with a 9\.6 CVSS threat score\) that allows an unauthorized attacker to execute code over the network\. Microsoft says an attacker could exploit this bug by hosting a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the site\. As AI advances the state of vulnerability discovery and remediation, it is also making it easier for attackers to quickly devise working exploits for known software flaws\. Microsoft has long labeled security bugs using its “exploitability index,” which is Redmond’s best guess as to how likely it is that attackers will be able to figure out a reliable way to exploit a given vulnerability\. But**Satnam Narang**, senior staff research engineer at**Tenable**, argues that Microsoft’s exploitability index needs to do a better job of shifting with the machine speed of discovery\. For example, Microsoft originally gave this month’s SharePoint zero\-day an exploitability rating of “less likely,” although the flaw was[added](https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog)to CISA’s Known Exploited Vulnerabilities list on July 1\. “Anthropic’s Red Team’s own findings for known vulnerabilities \(n\-days\) revealed how fragile this system has become, with its Mythos Preview model being able to produce proof\-of\-concept exploits for 13 of 14 vulnerabilities that were rated ‘Exploitation Less Likely’ or ‘Exploitation Unlikely,'” Narang said\. “What this means is that our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools, and as these tools continue to improve, defense needs to improve alongside it\.” **Chris Goettl**at**Ivanti**observed that the record patch numbers from Microsoft come as a number of other major software makers are increasing their patch cadence, including Adobe which announced today it is moving to twice\-monthly security bulletins published on the 2nd and 4th Tuesday of each month \(Adobe also cited AI for accelerating their patch cycles\)\.**Cisco**,**Mozilla**and**Oracle**also are shipping updates more frequently, while Google’s patch batches in June 2026 totaled more than 900 security fixes, Goettl noted\. Backing up your Windows system and/or data is always a good idea before applying operating system updates\. Given the volume of patches addressed this month it may be wise for end users to wait a few days before applying these fixes\. It’s not uncommon for security patches to introduce system stability issues, and those chances probably increase quite a bit with the gigantic patch count released today\. Further reading: [Action1’s Patch Tuesday blog](https://www.action1.com/patch-tuesday/patch-tuesday-july-2026/?vyi) [Automox’s rundown](https://listen.automox.com/episodes/patch-fix-tuesday-july-2026-e34)

Similar Articles

A Record-Breaking Patch Tuesday for June 2026

Krebs on Security

Microsoft's June 2026 Patch Tuesday sets a record with nearly 200 security fixes, including three publicly exploited zero-days. AI tools are increasingly used to find bugs, with security researchers like Nightmare Eclipse releasing exploits.

Microsoft’s patch Tuesdays are about to get bigger

The Verge

Microsoft announces it will use AI more heavily in its Patch Tuesday security updates for Windows 11, aiming to find and fix vulnerabilities faster. The company will integrate AI into its Secure Development Lifecycle and invest in Windows-specific AI tools for generating and validating security fixes.

Patch Tuesday, April 2026 Edition

Krebs on Security

Microsoft's April 2026 Patch Tuesday fixes a record 167 vulnerabilities, including an actively exploited SharePoint zero-day and a publicly disclosed Windows Defender bug (BlueHammer), while Google Chrome and Adobe Reader also addressed zero-days.