570 — that is the number Microsoft released on Patch Tuesday in July 2026, a record-breaking total of security flaws addressed in a single update cycle, and among them were three zero-day vulnerabilities: two that have been exploited in attacks and one that was publicly disclosed.
Microsoft's July 2026 Patch Tuesday
On July 2026 Patch Tuesday, Microsoft issued security updates covering a record-breaking 570 flaws. The bulletin accompanying the release identified three zero-day vulnerabilities in that set: two of those zero-days had been exploited in attacks, and a third had been publicly disclosed.
Three zero-day vulnerabilities: two exploited, one publicly disclosed
The July 2026 release included three vulnerabilities classed as zero-days. According to the advisory material released with the updates, two of the zero-days had active exploitation in the wild at the time of disclosure; the third was characterized as publicly disclosed. The company bundled fixes for those three alongside the broader set of 570 corrections.
The scale: record-breaking 570 flaws
The total number — 570 addressed flaws — is described in the advisory as record-breaking for a single Patch Tuesday. That figure consolidates all security updates Microsoft published with this release. For organizations tracking monthly patch volumes, the July 2026 totals represent an exceptional surge in the number of distinct issues Microsoft treated as warranting corrective updates in one cycle.
What this means for technologists and end users
- Technologists and security teams: Faced with a record 570 fixes and three zero-days (two exploited in attacks, one publicly disclosed), security teams must reconcile an unusually large update set in a single maintenance window and prioritize remediation for the zero-days called out in the advisory.
- End users and general IT operators: The advisory’s characterization of two zero-days as actively exploited and a third as publicly disclosed signals that some vulnerabilities addressed in the July 2026 release were already of immediate operational concern; end users and operators will see those fixes included among the 570 updates Microsoft published.
Closing observation
The July 2026 Patch Tuesday is notable for both scale and seriousness: Microsoft released fixes for a record-breaking 570 flaws and explicitly identified three zero-day vulnerabilities — two already exploited and one publicly disclosed. That combination places the month’s update cycle among the more consequential Microsoft security releases recorded in the advisory materials, and it concentrates significant remediation activity into a single update event.




