Microsoft Just Patched a Record 570 Flaws in Windows

This month's Patch Tuesday update also includes three zero-days.

Microsoft Just Patched a Record 570 Flaws in Windows

Emily Long

Emily Long Freelance Writer

Experience

Emily Long is a freelance writer based in Salt Lake City.

After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of Atlantic Media Company, in Washington, D.C. She has nearly a decade of experience as a freelancer covering tech (including issues related to security, privacy, and streaming) as well as personal finance and travel.

In addition to Lifehacker, her work has been featured on Wirecutter, Tom’s Guide, and ZDNET. Emily has also worked as a travel guide around the U.S. and as a content editor. She has a masters in social work and is a licensed therapist in Utah.

Read Full Bio

July 14, 2026

Add as a preferred source on Google
Add as a preferred source on Google

windows 11 laptop

Credit: NguyenDucQuang/Getty Images

Key Takeaways

Microsoft's Patch Tuesday update for July fixes a record 570 bugs, including three zero-days that have been actively exploited or publicly disclosed. Previously, June's update was the largest ever, with patches for just over 200 flaws. You should receive Patch Tuesday updates automatically, but you'll want to make sure these fixes are installed on your device as soon as possible.

Table of Contents


If you're a Windows user, you may want to install the latest security update ASAP. Microsoft's July Patch Tuesday update fixes a record 570 bugs, including three zero-days that have been actively exploited or publicly disclosed. Previously, June's update was the largest ever, with patches for just over 200 flaws.

As BleepingComputer reports, the fixes are broken down across the following categories: 254 elevation-of-privilege vulnerabilities, 17 security feature bypass vulnerabilities, 145 remote-code-execution vulnerabilities, 102 information disclosure vulnerabilities, 16 spoofing vulnerabilities, and 35 denial-of-service vulnerabilities. Fifty-nine of the bugs are rated "critical" and include remote code execution, elevation of privilege, security bypass, and spoofing flaws. Note that these figures do not include other vulnerabilities patched by Microsoft earlier this month.

Microsoft patched these three Windows zero-days in July

Zero-days are the most dangerous type of security vulnerability. A zero-day is a flaw that has been actively exploited in the wild or publicly disclosed before the developer releases an official fix. Two of the zero-days addressed with this month's Patch Tuesday have been actively exploited, while one was publicly disclosed.

The first actively exploited zero-day, labeled CVE-2026-56155, is an elevation of privilege flaw in Active Directory Federation Services that allows an attacker to elevate privileges locally on your machine. Jeremy Kingston and Scott Clark, members of the Microsoft Detection and Response Team (DART), discovered this vulnerability.

The second actively exploited vulnerability (CVE-2026-56164) is also an elevation of privilege flaw, this one in Microsoft SharePoint Server. A missing authentication for "critical function" can allow an unauthorized attacker to elevate privileges over a network. Microsoft attributes this discovery to a handful of researchers: Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, FLARE OTF, and an anonymous individual.

What do you think so far?

The third zero-day addressed this month was publicly disclosed, but no known exploits are currently reported. CVE-2026-50661 is a security bypass flaw in Windows BitLocker that could allow an attacker with physical access to obtain encrypted data. Microsoft credits an anonymous researcher with this discovery.

How to install the July Patch Tuesday update

Patch Tuesday updates are typically released around 10 a.m. PT on the second Tuesday of every month. You should receive them automatically, but again, you'll want to make sure these fixes are installed on your device as soon as possible. Check your PC's update status under Start > Settings > Windows Update > Check for Windows updates and install the latest update available.