Exclusive Student Offer

Prime for Young Adults

Get a 6-month trial with premium college perks & fast delivery.

Start Free Trial
Listen Anywhere

Audible Standard Trial

Get 30 days of audiobooks free. Cancel anytime, keep your books.

Claim Free Books

In July, Microsoft made headlines by fixing a staggering 570 security vulnerabilities, marking a significant shift in how such vulnerabilities are discovered—thanks to artificial intelligence (AI). This record-breaking figure is notably higher compared to the approximately 120 vulnerabilities patched in May and 200 in June, a dramatic increase largely attributed to Microsoft’s innovative MDASH AI pipeline. According to Executive Vice President Pavan Davuluri, AI is fundamentally transforming cybersecurity by accelerating the identification and remediation of vulnerabilities.

Critical Vulnerabilities and Active Threats

Among the 570 vulnerabilities addressed, 59 are classified as critical. The distribution encompasses a wide range of threats:

  • 254 vulnerabilities related to Elevation of Privilege (EoP)
  • 145 vulnerabilities for Remote Code Execution (RCE)
  • 102 incidents of Information Disclosure
  • 35 Denial-of-Service vulnerabilities
  • 17 circumventions of security features
  • 16 Spoofing vulnerabilities

Notably alarming, three Zero-Day vulnerabilities were patched, two of which were actively exploited. CVE-2026-56155, affecting Active Directory Federation Services (AD FS), allows for privileges escalation, while CVE-2026-56164 in SharePoint Server is similarly under active attack. Both vulnerabilities have been included in the known exploited vulnerabilities catalog (KEV) by the US Cybersecurity and Infrastructure Security Agency (CISA).

The third Zero-Day vulnerability, CVE-2026-50661, allows for bypassing BitLocker encryption—albeit only with physical access to the device. Additionally, a high-risk RCE vulnerability in Copilot, CVE-2026-48561, has been closed, boasting a CVSS score of 9.6.

New Attacks Following Patch Day

Shortly after the updates were rolled out, additional distressing news emerged. On July 17, security researcher Nightmare Eclipse released a proof-of-concept for a new Zero-Day exploit named LegacyHive, which exploits the Windows User Profile Service to gain administrator rights. Microsoft has initiated an investigation, but this exploit also requires valid login credentials.

Moreover, SharePoint Server remains a prime target for attackers. In addition to the aforementioned Zero-Day EoP vulnerability, CISA confirmed active exploitation of CVE-2026-32201 (Spoofing) and CVE-2026-45659 (RCE). Another recently discovered SharePoint RCE vulnerability, CVE-2026-58644, with a CVSS score of 9.8, was already under attack shortly after its disclosure in July.

Update Hurdles and End of Support

Microsoft is urging immediate installation of security patches for Windows, Office, Exchange, and SQL Server. However, not all users can comply. Compatibility issues with Intel drivers and USB-C connection managers are delaying updates for certain Dell PCs running Windows 11 versions 24H2 and 25H2.

The July Patch Tuesday also signals the end of support for several legacy products: SharePoint Server 2016, SharePoint Server 2019, and SQL Server 2016 will no longer receive security updates. Security experts caution that the convergence of a record number of patches and the end of support creates a complex scenario for IT administrators. A risk-based patch management approach is recommended.

The increasing trend of vulnerabilities is being observed across the industry. Adobe has already shifted to a bi-monthly patch cycle to cope with the rising tide of security vulnerabilities. Google also reported over 900 corrections in June 2026.

Get Audible 30-Day Free Trial

As an Amazon Associate, we earn from qualifying purchases.