Microsoft Has Patched a Record 570 Vulnerabilities in Windows.

If you’re a Windows user, you might want to install the latest security update as soon as possible. Microsoft’s July Patch Tuesday update fixes a record 570 bugs, including three zero-day vulnerabilities that were actively exploited or publicly disclosed. Previously, the June update was the largest ever , including fixes for over 200 vulnerabilities.

According to BleepingComputer , the fixes are divided into the following categories: 254 privilege escalation vulnerabilities, 17 security feature bypass vulnerabilities, 145 remote code execution vulnerabilities, 102 information disclosure vulnerabilities, 16 address spoofing vulnerabilities, and 35 denial of service vulnerabilities. Fifty-nine bugs are rated “critical” and include remote code execution, privilege escalation, security feature bypass, and address spoofing vulnerabilities. It should be noted that these figures do not include other vulnerabilities Microsoft patched earlier this month.

In July, Microsoft patched three zero-day vulnerabilities in Windows.

Zero-day vulnerabilities are the most dangerous type of security vulnerability. A zero-day vulnerability is a flaw that has been actively exploited by attackers or publicly disclosed before the developer has released an official fix. Two of the zero-day vulnerabilities patched as part of this month’s Patch Tuesday update were actively exploited by attackers, and one was publicly disclosed.

You may also like

The first actively exploited zero-day vulnerability, designated CVE-2026-56155, is a privilege escalation vulnerability in Active Directory Federation Services that allows an attacker to elevate privileges locally on your computer. This vulnerability was discovered by Jeremy Kingston and Scott Clark, members of the Microsoft Detection and Response Team (DART).

The second actively exploited vulnerability (CVE-2026-56164) is also a privilege escalation vulnerability, this time in Microsoft SharePoint Server. Lack of authentication for a “critical function” could allow an unauthorized attacker to escalate their privileges on the network. Microsoft attributes this discovery to several researchers: Jason Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, FLARE OTF, and an anonymous individual.

What do you think at the moment?

The third zero-day vulnerability discovered this month was publicly disclosed, but no known exploits are currently available. CVE-2026-50661 is a security bypass vulnerability in Windows BitLocker that could allow an attacker with physical access to access encrypted data. Microsoft attributes this discovery to an anonymous researcher.

How to install the July Patch Tuesday update

Patch Tuesday updates are typically released around 10:00 AM Pacific Time on the second Tuesday of each month. You should receive them automatically, but again, you should ensure these fixes are installed on your device as soon as possible. Check your PC’s update status by going to Start > Settings > Windows Update > Check for Windows updates and installing the latest available update.

More…

Leave a Reply