{"id":14299,"date":"2026-07-15T03:04:15","date_gmt":"2026-07-15T03:04:15","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/15\/microsoft-patches-a-record-570-security-flaws\/"},"modified":"2026-07-15T03:04:15","modified_gmt":"2026-07-15T03:04:15","slug":"microsoft-patches-a-record-570-security-flaws","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/15\/microsoft-patches-a-record-570-security-flaws\/","title":{"rendered":"Microsoft Patches a Record 570 Security Flaws"},"content":{"rendered":"<p>    Microsoft Patches a Record 570 Security Flaws<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p><strong>Microsoft Corp.<\/strong> today released software updates to plug at least 570 security holes in its <strong>Windows<\/strong> operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\" wp-image-56287 aligncenter\" src=\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png?resize=749%2C527&#038;ssl=1\" alt=\"A picture of a windows laptop in its updating stage, saying do not turn off the computer.\" width=\"749\" height=\"527\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png 841w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate-768x541.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate-782x550.png 782w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate-100x70.png 100w\" sizes=\"(max-width: 749px) 100vw, 749px\"><\/p>\n<p>Nearly 60 of the bugs quashed in July\u2019s Patch Tuesday earned a \u201ccritical\u201d severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild.<\/p>\n<p>Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-56155\" target=\"_blank\" rel=\"noopener\">CVE-2026-56155<\/a> \u2014 an <strong>Active Directory Federation Services<\/strong> bug \u2014 and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-56164\" target=\"_blank\" rel=\"noopener\">CVE-2026-56164<\/a>, a <strong>Microsoft Sharepoint<\/strong> vulnerability.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-50661\" target=\"_blank\" rel=\"noopener\">CVE-2026-50661<\/a> is a security feature bypass in <strong>Windows BitLocker<\/strong> that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation.<\/p>\n<p>In a blog post on July 9, Microsoft Executive Vice President <strong>Pavan Davuluri<\/strong> wrote that Windows users will notice \u201ca higher volume of security updates included in each security release\u201d as a result of AI aiding in the discovery of vulnerabilities.<\/p>\n<p>\u201cThe pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,\u201d Davuluri <a href=\"https:\/\/blogs.windows.com\/windowsexperience\/2026\/07\/09\/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery\/\" target=\"_blank\" rel=\"noopener\">wrote<\/a>.<span id=\"more-73991\"><\/span><\/p>\n<p><strong>Jack Bicer<\/strong>, director of vulnerability research at <strong>Action1<\/strong>, called attention to <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2026-48561\" target=\"_blank\" rel=\"noopener\">CVE-2026-48561<\/a>, a remote code execution flaw in Microsoft Copilot (with a 9.6 CVSS threat score) that allows an unauthorized attacker to execute code over the network. Microsoft says an attacker could exploit this bug by hosting a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot when a user visits the site.<\/p>\n<p>As AI advances the state of vulnerability discovery and remediation, it is also making it easier for attackers to quickly devise working exploits for known software flaws. Microsoft has long labeled security bugs using its \u201cexploitability index,\u201d which is Redmond\u2019s best guess as to how likely it is that attackers will be able to figure out a reliable way to exploit a given vulnerability.<\/p>\n<p>But <strong>Satnam Narang<\/strong>, senior staff research engineer at <strong>Tenable<\/strong>, argues that Microsoft\u2019s exploitability index needs to do a better job of shifting with the machine speed of discovery. For example, Microsoft originally gave this month\u2019s SharePoint zero-day an exploitability rating of \u201cless likely,\u201d although the flaw was <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/07\/01\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\" rel=\"noopener\">added<\/a> to CISA\u2019s Known Exploited Vulnerabilities list on July 1.<\/p>\n<p>\u201cAnthropic\u2019s Red Team\u2019s own findings for known vulnerabilities (n-days) revealed how fragile this system has become, with its Mythos Preview model being able to produce proof-of-concept exploits for 13 of 14 vulnerabilities that were rated \u2018Exploitation Less Likely\u2019 or \u2018Exploitation Unlikely,&#8217;\u201d Narang said. \u201cWhat this means is that our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools, and as these tools continue to improve, defense needs to improve alongside it.\u201d<\/p>\n<p><strong>Chris Goettl<\/strong> at <strong>Ivanti<\/strong> observed that the record patch numbers from Microsoft come as a number of other major software makers are increasing their patch cadence, including Adobe which announced today it is moving to twice-monthly security bulletins published on the 2nd and 4th Tuesday of each month (Adobe also cited AI for accelerating their patch cycles). <strong>Cisco<\/strong>, <strong>Mozilla<\/strong> and <strong>Oracle<\/strong> also are shipping updates more frequently, while Google\u2019s patch batches in June 2026 totaled more than 900 security fixes, Goettl noted.<\/p>\n<p>Backing up your Windows system and\/or data is always a good idea before applying operating system updates. Given the volume of patches addressed this month it may be wise for end users to wait a few days before applying these fixes. It\u2019s not uncommon for security patches to introduce system stability issues, and those chances probably increase quite a bit with the gigantic patch count released today.<\/p>\n<p>Further reading:<\/p>\n<p><a href=\"https:\/\/www.action1.com\/patch-tuesday\/patch-tuesday-july-2026\/?vyi\" target=\"_blank\" rel=\"noopener\">Action1\u2019s Patch Tuesday blog<\/a><\/p>\n<p><a href=\"https:\/\/listen.automox.com\/episodes\/patch-fix-tuesday-july-2026-e34\" target=\"_blank\" rel=\"noopener\">Automox\u2019s rundown<\/a><\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    BrianKrebs<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/krebsonsecurity.com\/2026\/07\/microsoft-patches-a-record-570-security-flaws\/\">Go to krebsonsecurity<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Patches a Record 570 Security Flaws Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1385,2582,1092,2583,2584,2585,2586,1099,2587,55,1598,2588,2589,186,177,187,207,178,2590],"tags":[72],"class_list":["post-14299","post","type-post","status-publish","format-standard","hentry","category-action1","category-active-directory-federation-services","category-chris-goettl","category-cve-2026-48561","category-cve-2026-50661","category-cve-2026-56155","category-cve-2026-56164","category-ivanti","category-jack-bicer","category-krebsonsecurity","category-microsoft-corp","category-patch-tuesday-july-2026","category-pavan-davuluri","category-satnam-narang","category-security-tools","category-tenable","category-the-coming-storm","category-time-to-patch","category-windows-bitlocker","tag-krebsonsecurity"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14299"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14299"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14299\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}