Hourly ·
Microsoft Shatters Patch Record With 570 Security Fixes, AI Driving the Surge
Microsoft's July 2026 Patch Tuesday delivers a record-smashing 570 vulnerability fixes — nearly triple last month's record — as AI-powered discovery reshapes the security landscape on both offense and defense.
Microsoft dropped its largest-ever Patch Tuesday update on July 14, shipping fixes for a staggering 570 security vulnerabilities across Windows and its broader software ecosystem. The total nearly triples the previous record set just last month, a pace Microsoft executives say is directly attributable to AI-powered vulnerability discovery.
Of the 570 flaws addressed, 59 earned a "critical" severity rating — meaning attackers could seize remote control of unpatched Windows devices with little to no user interaction. Three of the patched vulnerabilities are zero-days already being exploited in the wild.
The actively exploited zero-days include CVE-2026-56155, an elevation-of-privilege flaw in Active Directory Federation Services, and CVE-2026-56164, a SharePoint vulnerability that grants attackers administrative access. A third, CVE-2026-50661, is a BitLocker security feature bypass that could expose encrypted data to anyone with physical access to the device, though Microsoft says it has not yet seen active exploitation.
Microsoft Executive Vice President Pavan Davuluri acknowledged the shift in a July 9 blog post, writing that Windows users should expect "a higher volume of security updates included in each security release" as AI accelerates vulnerability discovery. "The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code," Davuluri said.
But the AI arms race cuts both ways. Jack Bicer of Action1 flagged CVE-2026-48561, a remote code execution bug in Microsoft Copilot carrying a near-maximum 9.6 CVSS score. An attacker could exploit it simply by hosting a malicious website that triggers crafted prompts when a user visits in Edge for Android.
The offensive side of AI is equally concerning. Satnam Narang of Tenable pointed to recent research from Anthropic, whose Mythos Preview model produced working proof-of-concept exploits for 13 of 14 vulnerabilities that Microsoft's own exploitability index had rated "Exploitation Less Likely" or "Exploitation Unlikely." As Narang put it, "Our way of looking at Patch Tuesday has changed, because the exploitability index is centered around humans, not AI tools."
The surge is not limited to Microsoft. Adobe announced it is moving to twice-monthly security bulletins, also citing AI for accelerating patch cycles. Google shipped over 900 security fixes in June alone, while Cisco, Mozilla, and Oracle have all increased update cadence.
Security experts recommend backing up systems before applying the updates and, given the volume, suggest waiting a few days for any stability issues to surface before deploying across production environments.
Sources: Krebs on Security, BleepingComputer
微软创纪录地发布了57兆安全修复,AI推动了这一增长
微软7月补丁星期三发布创纪录的570个漏洞修复——近 Triple 上个月的记录——AI驱动的[K 发现重塑了攻防两端的安全格局。
<<周报 周四·2026-07-15 00:16 UTC 微软刷新补丁记录,7月安全修复达570项,AI引[K 领新趋势 微软的周二补丁日发布创纪录的570个漏洞修复——几乎是上个月创下的记录的[K 三倍——随着人工智能驱动的发现重新塑造了攻防两端的安全格局。 图片:Jelson25 公[K 有领域(许可证) 微软发布了570项安全修复,创下周二补丁日新高,接近于上月创下[K 的记录的三倍。这反映了AI在漏洞发现和应对中的作用。 >>
More Hourlies Stories
Content on Anagnorisis is summarized, paraphrased, and editorialized from publicly available sources for length and clarity. Original sources are linked where available. All trademarks belong to their respective owners.
