• 3 min read
Microsoft ships record 570 security fixes in July
Microsoft patched at least 570 flaws, including three zero-days and nearly 60 critical bugs, as it says AI is speeding up vulnerability discovery.

Image: Hacker News
Microsoft has released updates for at least 570 security vulnerabilities across Windows and other products, nearly three times the total from its previous record-setting Patch Tuesday release last month. The company said the jump reflects how AI-assisted vulnerability discovery is finding more flaws, faster.
Almost 60 of the July flaws were rated critical, meaning attackers or malware could potentially take remote control of a Windows machine with little or no user interaction. Microsoft also fixed three zero-days, including two already being exploited in the wild.
Among the zero-days are two elevation of privilege bugs: CVE-2026-56155, affecting Active Directory Federation Services, and CVE-2026-56164, a Microsoft SharePoint flaw. Microsoft also patched roughly 250 other elevation of privilege vulnerabilities this month. A third zero-day, CVE-2026-50661, is a Windows BitLocker security feature bypass that could expose encrypted data if an attacker has physical access to the device. Microsoft said that flaw has been publicly disclosed but is not aware of active exploitation.

Recommended reading
292 fake GitHub repos spread infostealer malware
In a July 9 blog post, Microsoft Executive Vice President Pavan Davuluri said customers should expect a “higher volume of security updates” going forward.
“The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,”
Zero-days and Copilot bug
Jack Bicer, director of vulnerability research at Action1, highlighted CVE-2026-48561, a remote code execution flaw in Microsoft Copilot with a 9.6 CVSS score. According to Microsoft, an attacker could exploit it by hosting a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the page.
The report also points to a growing problem for defenders: the same tools that speed up vulnerability discovery can also help attackers turn disclosed flaws into working exploits more quickly.
Exploitability ratings under pressure
Satnam Narang, senior staff research engineer at Tenable, argued that Microsoft’s long-standing exploitability index is struggling to keep up. He noted that Microsoft initially rated the SharePoint zero-day as “less likely” to be exploited, even though it was added to CISA’s Known Exploited Vulnerabilities list on July 1.
“Anthropic’s Red Team’s own findings for known vulnerabilities (n-days) revealed how fragile this system has become, with its Mythos Preview model being able to produce proof-of-concept exploits for 13 of 14 vulnerabilities that were rated 'Exploitation Less Likely' or 'Exploitation Unlikely,'”
“What this means is that our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools, and as these tools continue to improve, defense needs to improve alongside it.”
Chris Goettl at Ivanti said Microsoft’s record patch total comes as other major vendors also increase release frequency. Adobe said today it is moving to twice-monthly security bulletins on the 2nd and 4th Tuesday of each month, also citing AI. Cisco, Mozilla, and Oracle are updating more often as well, while Google’s June 2026 patch batches totaled more than 900 security fixes.
The source recommends backing up Windows systems or data before installing updates. Given the size of this month’s release, it may be prudent for end users to wait a few days before applying the patches, since security fixes can sometimes introduce stability problems.
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via Hacker News


