Shopping

Microsoft just released its biggest Patch Tuesday ever, with a mammoth 622 fixes including three dangerous zero-days

Microsoft just released its biggest Patch Tuesday ever, with a mammoth 622 fixes including three dangerous zero-days
Image: techradar.com
  • Microsoft’s July 2026 Patch Tuesday fixed a record 622 vulnerabilities, including 58 critical, two exploited in the wild, and one publicly disclosed, plus 428 Chromium bugs
  • Actively abused flaws include CVE‑2026‑56155 (AD FS privilege escalation) and CVE‑2026‑56164 (SharePoint privilege escalation), alongside notable issues in BitLocker and Copilot
  • Surge in fixes is linked to Microsoft’s use of Anthropic’s Mythos AI, with patch volumes rising sharply since its adoption

Microsoft has released its July 2026 Patch Tuesday download, marking another record-breaking update, addressing hundreds of flaws across the ecosystem.

The release, which is currently rolling out to Microsoft users, fixes a staggering 622 vulnerabilities, including 58 critical-severity ones, two that were observed as being abused in the wild, and one which has already been publicly disclosed.

On top of that, Microsoft shipped fixes for another 428 Chromium bugs, as well.

A jump in numbers

There are simply too many vulnerabilities to mention all of them, however two that are being exploited in the wild are CVE-2026-56155 and CVE-2026-56164. The former is described as an “Insufficient granularity of access control in Active Directory Federation Services (AD FS)” bug, which allows an authorized attacker to elevate privileges locally. It carries a severity score of 7.8/10 (high).

The latter is a “Missing authentication for critical function in Microsoft Office SharePoint” bug that allows an unauthorized attacker to elevate privileges over a network. Microsoft assigned it a medium severity score (5.3/10), but the National Vulnerability Database gave it a 9.8/10 (critical).

Other notable mentions include CVE-2026-50661, a protection mechanism failure in Windows BitLocker that allows unauthorized attackers to bypass a security feature with a physical attack, and CVE-2026-48561, an improper neutralization of special elements used in a command in Microsoft Copilot, that allows an unauthorized attacker to execute code over a network.

If you think fixing 622 vulnerabilities in a month is a lot, you’re absolutely right. It’s well above what Microsoft is used to do, and this is most likely due to the company now using the fabled Mythos - Anthropic’s cybersecurity-oriented AI.

In June 2026, roughly a month and a half after the release of Mythos, Microsoft fixed 206 flaws, which raised eyebrows because it was significantly above the company’s usual amount of bugs fixed.

In May it fixed 120 flaws, in April 167, and in March - 79.

This is a preview from the original publisher. Continue reading at the source:

Read Full Article on techradar.com →

More News