Fleet Monitor

Microsoft patches record 570 Windows flaws

By Wulan Hapsari July 15, 2026
Microsoft patches record 570 Windows flaws - windows patch
Microsoft patches record 570 Windows flaws

Microsoft released its July Patch Tuesday update, fixing a record 570 vulnerabilities in Windows.

Scope of the July Update

The patch bundle addresses 570 bugs, more than double the count in June’s release, which covered just over 200 issues. The defects span several categories: 254 elevation‑of‑privilege problems, 17 security‑feature bypasses, 145 remote‑code‑execution flaws, 102 information‑disclosure incidents, 16 spoofing errors, and 35 denial‑of‑service weaknesses. Among them, 59 are rated critical, covering remote code execution, privilege escalation, security bypass and spoofing vectors.

These figures do not include other patches Microsoft applied earlier in the month, so the total remediation effort is larger. The update was delivered through the standard Windows Update service, typically appearing around 10 a.m. PT on the second Tuesday of each month.

Zero‑Day Vulnerabilities Addressed

Three of the patched flaws are zero‑day vulnerabilities—issues that were either actively exploited or publicly disclosed before a fix existed. Two have been confirmed as being used in the wild.

The first, identified as CVE‑2026‑56155, is an elevation‑of‑privilege bug in Active Directory Federation Services. Discovered by Jeremy Kingston and Scott Clark of Microsoft’s Detection and Response Team (DART), the flaw enables a local attacker to gain higher system privileges.

The second zero‑day, CVE‑2026‑56164, also involves privilege escalation, this time in Microsoft SharePoint Server. Researchers—including Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, FLARE OTF, and an anonymous contributor—reported that a missing authentication check for a critical function can let an unauthorized user raise privileges across a network.

Related: Self-Emptying Shark Robot Vacuum Hits $135 Sale

The third, CVE‑2026‑50661, is a security bypass in Windows BitLocker. An anonymous researcher disclosed the bug, noting that an attacker with physical access could potentially retrieve encrypted data. No active exploits have been reported for this particular flaw.

Zero‑day bugs are especially concerning because they can be leveraged before vendors have a chance to issue patches. The presence of two actively exploited flaws in this release highlights the need for timely updates on both enterprise and consumer devices.

For most users, installing the update is simple: go to Start → Settings → Windows Update, select “Check for Windows updates,” and apply the latest version. Because the patch is delivered automatically, most systems will receive it without manual intervention, though confirming the installation status remains a prudent step.

While the sheer volume of fixes may seem daunting, it reflects Microsoft’s ongoing effort to stay ahead of constantly changing threats. The company’s regular “Patch Tuesday” cadence provides a predictable schedule for administrators to plan maintenance windows and ensure systems remain protected.

Keeping software current reduces exposure.

Leave a Reply

Your email address will not be published. Required fields are marked *