Microsoft's Record Patch Tuesday: 570 Vulnerabilities Fixed in a Single Day
On July 15, 2026, Microsoft released its largest monthly security update in history — a Patch Tuesday that patched 570 vulnerabilities across Windows, Office, SharePoint, Azure, and other products. The previous record, set just one month earlier in June 2026, was 206 flaws. The July release more than doubled that number.
The update included fixes for three zero-day vulnerabilities. Two of them — one in Active Directory Federation Services (CVE-2026-56155) and another in SharePoint (CVE-2026-56164) — were already being actively exploited by attackers before Microsoft released patches. A third zero-day (CVE-2026-50661) affecting BitLocker encryption was publicly disclosed but not yet exploited at the time of the patch.
Of the 570 total vulnerabilities, 59 were classified as "Critical" — the highest severity rating Microsoft assigns. Forty-eight of those critical bugs could allow remote code execution, meaning an attacker could run malicious code on a victim's machine without any user interaction. The remaining flaws ranged across elevation of privilege, security bypass, and spoofing categories.
One notable finding that emerged alongside the update is the role AI is now playing in Microsoft's security pipeline. Windows Executive Vice President Pavan Davuluri confirmed that the company is using AI-based tools and large language models to examine its massive codebases. Automation is uncovering hundreds of new bugs that traditional manual auditing would have missed — which explains why the monthly patch count is accelerating. More record-breaking Patch Tuesday releases are expected in the months ahead.
However, the update also came with complications. Dell identified a significant compatibility issue between an Intel driver used in its PCs and a new Windows USB-C Connection Manager introduced in a preview update. As a result, Microsoft delayed the July cumulative update for some Dell systems running Windows 11 versions 25H2 and 24H2.
Three key facts to remember: First, the July 2026 Patch Tuesday fixed 570 vulnerabilities — the largest single-month security update in Microsoft's history. Second, two of the three zero-day flaws were already being exploited in active attacks, meaning the window between discovery and weaponization is shrinking. Third, AI-driven code analysis is rapidly increasing the number of bugs found — both by security researchers and by Microsoft itself — which is good for long-term safety but means more frequent and larger updates in the short term.