Microsoft Just Patched a Record 570 Flaws in Windows


If you are among the millions of Windows users, now is the time to prioritize the installation of the latest security update. Microsoft has unveiled its July Patch Tuesday update, which addresses an unprecedented 570 vulnerabilities, including three critical zero-days that have either been actively exploited or publicly disclosed. This update surpasses June’s record, which previously addressed just over 200 flaws.

According to reports from BleepingComputer, the vulnerabilities are categorized as follows:

  • 254 elevation-of-privilege vulnerabilities
  • 17 security feature bypass vulnerabilities
  • 145 remote-code-execution vulnerabilities
  • 102 information disclosure vulnerabilities
  • 16 spoofing vulnerabilities
  • 35 denial-of-service vulnerabilities

Among these, fifty-nine bugs are classified as “critical,” encompassing issues related to remote code execution, elevation of privilege, security bypass, and spoofing. It is important to note that these figures do not include additional vulnerabilities that Microsoft patched earlier this month.

Microsoft patched these three Windows zero-days in July

Zero-day vulnerabilities represent the most perilous type of security flaw. Defined as vulnerabilities that are actively exploited or publicly disclosed before a developer can issue a fix, these flaws pose significant risks to users. This month’s Patch Tuesday addresses two actively exploited zero-days and one that has been publicly disclosed.

The first of the actively exploited zero-days, identified as CVE-2026-56155, is an elevation of privilege flaw within Active Directory Federation Services. This vulnerability allows an attacker to elevate privileges locally on a user’s machine. The discovery was made by Jeremy Kingston and Scott Clark, members of the Microsoft Detection and Response Team (DART).

The second zero-day, CVE-2026-56164, also pertains to elevation of privilege, this time within Microsoft SharePoint Server. A missing authentication for a “critical function” could enable an unauthorized attacker to elevate privileges over a network. This vulnerability was uncovered by a team of researchers, including Jayson Frost from Mandiant Incident Response, Genwei Jiang from Google Cloud, FLARE OTF, and an anonymous individual.

The third zero-day, CVE-2026-50661, was publicly disclosed but currently has no known exploits. This security bypass flaw in Windows BitLocker could potentially allow an attacker with physical access to obtain encrypted data. Microsoft credits an anonymous researcher for this discovery.

How to install the July Patch Tuesday update

Patch Tuesday updates are generally released around 10 a.m. PT on the second Tuesday of each month. While these updates should be installed automatically, it is advisable to ensure that your device is equipped with the latest fixes as soon as possible. To check your PC’s update status, navigate to Start > Settings > Windows Update > Check for Windows updates and install any available updates.

Winsage
Microsoft Just Patched a Record 570 Flaws in Windows