Windows Users, Take Note: A Record 570 Flaws Patched in Latest Update
Microsoft’s July Patch Tuesday update has just been released, and it’s a doozy. With a whopping 570 bugs fixed, this update is the largest in history, surpassing June’s previous record of around 200 flaws.
The fixes are broken down into several categories, including 254 elevation-of-privilege vulnerabilities, 17 security feature bypass vulnerabilities, 145 remote-code-execution vulnerabilities, 102 information disclosure vulnerabilities, 16 spoofing vulnerabilities, and 35 denial-of-service vulnerabilities.
Of these, 59 are rated ‘critical’, including remote code execution, elevation of privilege, security bypass, and spoofing flaws. These figures don’t include other vulnerabilities patched by Microsoft earlier this month.
The Zero-Days: The Most Dangerous Type of Security Vulnerability
Zero-days are the most feared type of security vulnerability. A zero-day is a flaw that has been actively exploited in the wild or publicly disclosed before the developer releases an official fix. Two of the zero-days addressed with this month’s Patch Tuesday have been actively exploited, while one was publicly disclosed.
The first actively exploited zero-day, labeled CVE-2026-56155, is an elevation of privilege flaw in Active Directory Federation Services that allows an attacker to elevate privileges locally on your machine. Jeremy Kingston and Scott Clark, members of the Microsoft Detection and Response Team (DART), discovered this vulnerability.
The second actively exploited vulnerability (CVE-2026-56164) is also an elevation of privilege flaw, this one in Microsoft SharePoint Server. A missing authentication for ‘critical function’ can allow an unauthorized attacker to elevate privileges over a network. Microsoft attributes this discovery to a handful of researchers: Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, FLARE OTF, and an anonymous individual.
The third zero-day addressed this month was publicly disclosed, but no known exploits are currently reported. CVE-2026-50661 is a security bypass flaw in Windows BitLocker that could allow an attacker with physical access to obtain encrypted data. Microsoft credits an anonymous researcher with this discovery.
How to Install the July Patch Tuesday Update
Patch Tuesday updates are typically released around 10 a.m. PT on the second Tuesday of every month. You should receive them automatically, but again, you’ll want to make sure these fixes are installed on your device as soon as possible. Check your PC’s update status under Start > Settings > Windows Update > Check for Windows updates and install the latest update available.
Here’s a breakdown of the steps to follow:
- Open the Start menu and click on the Settings icon.
- Click on the ‘Update & Security’ option.
- Under the ‘Windows Update’ section, click on the ‘Check for updates’ button.
- Once the update is available, click on the ‘Download and install now’ button to install the latest update.
By following these simple steps, you can ensure that your device is protected from the latest security vulnerabilities and stay up-to-date with the latest features and improvements.