Microsoft’s July 2026 Patch Tuesday delivers an unprecedented 570 vulnerability fixes, including two actively exploited zero‑days and one publicly disclosed zero‑day. The massive update underscores the growing importance of AI‑driven vulnerability discovery.

Key Takeaways

  • Record‑breaking patch covering 570 vulnerabilities
  • Two actively exploited zero‑days and one publicly disclosed zero‑day fixed
  • AI‑powered discovery system drives larger Patch Tuesday releases

On July 14, 2026, Microsoft announced its routine Patch Tuesday, but this edition shatters all previous records with a staggering 570 flaws addressed. Among them, 59 are classified as “Critical,” featuring 48 remote code execution (RCE) bugs, nine elevation‑of‑privilege (EoP) issues, one security‑feature bypass, and one spoofing vulnerability.

Breakdown of Vulnerability Types

The detailed distribution shows 254 EoP, 17 security‑feature bypass, 145 RCE, 102 information‑disclosure, 35 denial‑of‑service, and 16 spoofing flaws. Notably, the count excludes earlier‑month fixes for Mariner, Azure OpenAI, Azure Synapse, M365 Copilot, Exchange Online, Edge for Android, and Entra Provisioning Service.

Three Zero‑Day Vulnerabilities Patched

This month’s release includes three zero‑day fixes: two that were already being exploited in the wild and one publicly disclosed. The first, CVE‑2026‑56155, affects Active Directory Federation Services (AD FS) and allowed attackers to elevate privileges locally. Microsoft credited the discovery to DART researchers Jeremy Kingston and Scott Clark.

The second, CVE‑2026‑56164, targets Microsoft SharePoint Server, granting remote attackers elevated rights. Microsoft recommends enabling the Antimalware Scan Interface (AMSI) with Full Request Body Scan to mitigate the issue. The third, CVE‑2026‑50661, is a BitLocker security‑feature bypass that could let an attacker with physical access retrieve encrypted data; it was reported by an anonymous researcher.

AI‑Powered Vulnerability Discovery

Microsoft recently announced the integration of an AI‑driven discovery engine across its Windows codebase, a move that explains the surge in Patch Tuesday volume. By proactively hunting for weaknesses before threat actors can weaponize them, the company aims to stay ahead of the cyber‑threat curve.

Updates from Other Vendors

July also saw a flurry of patches from industry peers: Adobe closed seven high‑severity ColdFusion and Campaign bugs, BeyondTrust remedied two critical authentication bypasses, Cisco rolled out updates across its Identity Services Engine and Catalyst Center, and Linux kernel maintainers patched the Januscape VM escape flaw. Collectively, these efforts reinforce a broader push toward a more resilient software ecosystem.