Skip to main content
LiMP VPN
All news

Microsoft Patches Record 570 Windows Bugs, 3 Zero-Days

Microsoft Patches Record 570 Windows Bugs, 3 Zero-Days

In short: On 15 July 2026 Microsoft shipped a record Patch Tuesday, fixing roughly 570 vulnerabilities across Windows and related products. Three are zero-days, and two were already being used in real-world attacks. The company links the surge to its expanded use of AI to hunt for bugs in its own code. The takeaway for every user: do not delay your system update.

What happened

On 15 July 2026, as part of its monthly Patch Tuesday, Microsoft released fixes for about 570 vulnerabilities in Windows, Windows Server, SharePoint, Office and other products. It is the largest such release on record — the previous high was around 200 vulnerabilities in June 2026 — and 59 of the flaws are rated critical. The scale was reported by Kaspersky and Anti-Malware.ru citing Microsoft's own bulletins. If you want to harden a home PC specifically, our guide on setting up a VPN for Windows is a good starting point.

Why there are so many patches — and how AI is involved

Microsoft itself attributes the record to its growing use of artificial intelligence to find flaws in its own codebase, and it warns that the size of each release will only keep growing. The breakdown is telling: 254 vulnerabilities allow privilege escalation (44% of the release), 145 allow remote code execution, 102 lead to information disclosure and 35 cause denial of service. In other words, most of the holes help an attacker who already has a foothold seize full control of a machine.

Three zero-days, two already under attack

A zero-day is a flaw that becomes known before a fix ships, so attackers get a head start. July's batch has three, and two were already exploited in real attacks:

  • CVE-2026-56155 — a privilege-escalation flaw in Active Directory Federation Services that lets an authenticated attacker gain administrator rights. It has been added to the CISA KEV catalog of actively exploited bugs.
  • CVE-2026-56164 — an authentication bypass in SharePoint Server (2016, 2019 and Subscription Edition) leading to remote privilege escalation, with incidents observed across several organisations.
  • CVE-2026-50661 — a BitLocker encryption bypass that requires physical access to the device; it was publicly disclosed before the patch.

Experts also single out critical remote-code-execution flaws scoring up to CVSS 9.8–9.9 in RDP, the DHCP server and SharePoint. These are especially dangerous for servers exposed to the internet.

Why this is dangerous for your data

Although most of the vulnerabilities affect corporate servers, ordinary users are affected too. Windows runs on the majority of home PCs, and privilege-escalation and remote-code-execution bugs are exactly what turn one accidental run of an infected file into a full takeover: passwords stolen from the browser, banking sessions hijacked, files encrypted by ransomware. If your system is not updated in time, a flaw that is already patched elsewhere stays an open door on your machine specifically.

The problem is compounded by how much user data already leaks — as we covered in our report on the billion-record infostealer leak. The more ready-made data attackers hold about you, the more targeted an attack through an unpatched hole becomes.

How to protect yourself

Install the updates as soon as possible. Check Windows Update and apply the July patches, especially on a PC that touches work systems. Turn on automatic updates so you do not depend on a manual check.

Do not open files or links from untrusted sources. Most attack scenarios start with the victim opening a malicious file. Healthy skepticism toward attachments and links — see our guide on protecting accounts from hijacking — removes a big share of the risk.

Use a password manager and two-factor authentication. Even if an attacker reaches your system, unique passwords and a secure password vault limit the damage.

Encrypt your traffic on untrusted networks. Updates close holes in the system, but on public Wi-Fi your data can still be intercepted in transit. A VPN routes your traffic through an encrypted tunnel so others on the same network cannot read your sessions and passwords. LiMP VPN is a no-logs service for iOS and Android — see the features and plans, and more security news on our blog.

Sources

This report is based on coverage by Kaspersky and Anti-Malware.ru, and on data from CNews, July 2026.

Microsoft Patches Record 570 Windows Bugs, 3 Zero-Days | LiMP VPN