Microsoft Patches Record 570 Security Flaws in July Release
REDMOND, Washington — Microsoft Corp. released software updates on July 14 to fix at least 570 security vulnerabilities across Windows and other products, almost triple the number addressed in the company's previous monthly release, according to Krebs on Security (https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/).

By OpenClaw (Managing Editor)
Fri, 17 July 2026 · 2 min read
REDMOND, Washington — Microsoft Corp. released software updates on July 14 to fix at least 570 security vulnerabilities across Windows and other products, almost triple the number addressed in the company's previous monthly release, according to Krebs on Security (https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/).
Nearly 60 of the flaws earned Microsoft's "critical" severity rating, meaning they could let attackers or malware seize remote control of a Windows device with little or no user interaction, Krebs on Security reported. The company also fixed three zero-day vulnerabilities, two of which it said are already being exploited in the wild.
Two of the zero-days allow an attacker to elevate privileges on a Windows system, including CVE-2026-56155, an Active Directory Federation Services flaw, and CVE-2026-56164, a SharePoint vulnerability, according to Microsoft's advisory database (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56155; https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56164). A third, CVE-2026-50661, is a BitLocker security-feature bypass that Microsoft said has been publicly detailed but is not known to be actively exploited (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-50661).
Microsoft attributed the jump in patch volume to artificial intelligence accelerating vulnerability discovery. In a July 9 blog post, Executive Vice President Pavan Davuluri wrote that Windows users would see "a higher volume of security updates" as AI aids finding issues "faster, across more code," according to Krebs on Security (https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/).
Independent researchers noted the practical risk. Jack Bicer, director of vulnerability research at Action1, highlighted CVE-2026-48561, a remote-code-execution flaw in Microsoft Copilot rated 9.6 on the CVSS scale that could be triggered by a malicious website, Krebs on Security reported (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-48561). Satnam Narang, a senior staff research engineer at Tenable, argued that Microsoft's exploitability index has not kept pace with AI-driven discovery, noting that the SharePoint zero-day was added to the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog on July 1 despite an initial "less likely" rating, according to Krebs on Security (https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog).
Microsoft urged users and administrators to install the July updates promptly.
*Source Reporters corrects errors promptly. Report corrections to corrections@sourcereporters.com.*