Skip to main content
CybersecurityVulnerability Management

Microsoft Disrupts 570 Security Flaws in Record Patch Tuesday Release

Windows device on a neutral surface with abstract security elements in the background.

Microsoft released updates on July 15, 2026, addressing at least 570 security holes — nearly triple the number fixed in last month’s Patch Tuesday and a record total Microsoft says stems from vulnerability discoveries aided by artificial intelligence.

Microsoft’s July Patch Tuesday: 570 fixes, nearly 60 rated “critical”

Redmond’s July security rollup plugged a sprawling set of flaws across Windows and other Microsoft products. Nearly 60 of the bugs were assigned a “critical” severity rating, meaning an attacker could seize remote control of a Windows device with little or no interaction from the user. Microsoft fixed three zero-day vulnerabilities this month, two of which the company says are already being exploited in the wild. Approximately 250 of the patches were for elevation of privilege (EoP) flaws, among them CVE-2026-56155 — an Active Directory Federation Services bug — and CVE-2026-56164, a Microsoft SharePoint vulnerability.

Microsoft also addressed CVE-2026-50661, a security feature bypass in Windows BitLocker “that could allow attackers to gain access to encrypted data if they have physical access to the device.” Microsoft said the BitLocker bug has been publicly detailed but that the company is not aware of any active exploitation.

CVE-2026-48561: Copilot remote code execution via Edge for Android

Security researchers highlighted CVE-2026-48561, a remote code execution flaw in Microsoft Copilot that carries a 9.6 CVSS threat score. Jack Bicer, director of vulnerability research at Action1, warned the bug “allows an unauthorized attacker to execute code over the network.” Microsoft describes an attack scenario in which a malicious website causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the site, enabling the exploit.

Pavan Davuluri and the AI acceleration of vulnerability discovery — and the critique from Tenable

Microsoft Executive Vice President Pavan Davuluri wrote on July 9 that Windows users should expect “a higher volume of security updates included in each security release” because AI is accelerating discovery and analysis. “The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Davuluri wrote.

That same acceleration prompted criticism from outside researchers. Satnam Narang, senior staff research engineer at Tenable, said Microsoft’s long-standing “exploitability index” is not keeping pace with the machine speed of discovery. Narang noted the SharePoint zero-day was originally given an exploitability rating of “less likely” even though the flaw was added to CISA’s Known Exploited Vulnerabilities list on July 1. Citing tests by Anthropic’s Red Team, Narang said the Mythos Preview model produced proof-of-concept exploits for 13 of 14 vulnerabilities that had been rated “Exploitation Less Likely” or “Exploitation Unlikely,” and argued this demonstrates “our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools.”

Other vendors shift cadence; patch volume and stability trade-offs

Chris Goettl at Ivanti observed that Microsoft’s record patch count comes as other major vendors increase their own cadence. Adobe announced it is moving to twice-monthly security bulletins published on the 2nd and 4th Tuesday of each month and cited AI as a driver for faster patch cycles. Goettl also noted Cisco, Mozilla and Oracle are shipping updates more frequently, and that Google’s June 2026 patch batches totaled more than 900 security fixes.

Because security updates sometimes introduce system stability issues, Microsoft and outside commentators reiterated a common operational precaution: back up Windows systems and data before applying operating system updates. Given the size of the July release, the reporting advised it may be prudent for end users to wait a few days before applying the fixes to allow any early stability problems to surface.

What this means for technologists, policymakers, and end users

  • Technologists and security teams: Expect heavier monthly patch loads and a surge in EoP and critical fixes — roughly 250 elevation-of-privilege patches and nearly 60 critical flaws this month — and re-evaluate reliance on historical exploitability ratings as AI accelerates proof-of-concept development.
  • Policymakers and defenders: CISA’s Known Exploited Vulnerabilities list already included the SharePoint zero-day on July 1, underscoring the need to align vulnerability prioritization with machine-speed discovery and public exploit reporting.
  • End users and IT operators: Back up systems before updating; consider a brief delay before mass deployment to monitor for stability regressions; and be aware that a BitLocker security feature bypass (CVE-2026-50661) could expose encrypted data if attackers have physical access to a device.

Microsoft’s July release makes plain a practical tension: AI is finding more vulnerabilities faster, and those same advances are enabling quicker exploit creation. As Satnam Narang put it, “defense needs to improve alongside” the tools accelerating discovery. Whether exploitability scoring, patch prioritization, and update logistics will adapt at the same pace is the near-term question raised by a record-breaking Patch Tuesday.

https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/