During July’s Patch Tuesday, Microsoft patched an unprecedented number of security vulnerabilities. A total of 570 vulnerabilities were fixed in Windows and other Microsoft products, nearly three times as many as in last month’s equally extensive update. According to Microsoft, the sharp increase is primarily due to AI, which significantly speeds up the detection of vulnerabilities.
Of the vulnerabilities patched, nearly sixty were classified as “critical,” reports KrebsonSecurity. In addition, Microsoft addressed three zero-day vulnerabilities, two of which are already being actively exploited by attackers.
Two actively exploited zero-days
The two actively exploited zero-days enable privilege escalation. Attackers who already have access to a system can use these to gain higher privileges and thus gain further control over the system. These are CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint.
In addition, Microsoft is addressing approximately 250 other vulnerabilities that could allow for privilege escalation.
A third zero-day vulnerability is CVE-2026-50661 in BitLocker. This vulnerability allows an attacker with physical access to a device to bypass disk encryption. Microsoft emphasizes that the vulnerability is now publicly known, but says it has no evidence that it is currently being exploited.
Vulnerability in Copilot
One of the most severely rated vulnerabilities this month is CVE-2026-48561, a remote code execution vulnerability in Microsoft Copilot with a CVSS score of 9.6. According to Microsoft, an attacker can exploit Microsoft Edge for Android by presenting a specially crafted website. When visiting that page, the browser may automatically send malicious prompts to Copilot, allowing remote code execution.
AI leads to more patches
Microsoft warned last week that users should expect larger Patch Tuesday updates. According to Pavan Davuluri, Executive Vice President at Microsoft, AI is fundamentally changing the pace at which vulnerabilities are discovered.
Because AI can quickly analyze large amounts of source code, Microsoft says more vulnerabilities are being found before attackers can exploit them. The company therefore does not view the increase in the number of patches as a decline in software quality, but rather as a result of more efficient security analyses.
Attackers are also benefiting from AI
Security researchers do, however, have some reservations about this. Satnam Narang of Tenable argues that AI helps not only defenders but also attackers. He points out that modern AI models can generate exploits for known vulnerabilities at an ever-faster rate.
According to Narang, this means Microsoft’s exploitability index is less aligned with current reality. As an example, he cites this month’s SharePoint zero-day, which was initially rated as “less likely to be exploitable” but quickly ended up on the U.S. Cybersecurity and Infrastructure Security Agency (CISA)’s list of actively exploited vulnerabilities.
He refers to recent research by Anthropic, which showed that an AI model could generate a proof-of-concept exploit with little effort for thirteen out of the fourteen vulnerabilities that Microsoft had classified as difficult to exploit.
Acceleration evident across the entire software sector
According to Ivanti, the same trend is also evident among other software vendors. Adobe now releases security updates twice a month and also cites AI as the reason for the faster pace. Cisco, Mozilla, and Oracle are also releasing patches more frequently. Google even fixed more than 900 security vulnerabilities in June.
For IT administrators, this month’s update represents an exceptionally large round of patches. Given the large number of changes, security experts advise organizations to test the updates first before rolling them out widely, to prevent unexpected compatibility or stability issues.