YYaaa News

Microsoft patches a record 570 flaws in one month — two of three zero-days were exploited

TL;DR

Microsoft patched a record 570 flaws in July; two of the three zero-days were already exploited.

Microsoft's July Patch Tuesday set a one-month record by patching 570 security flaws, nearly triple the 200 fixed in June. BleepingComputer reported the count from Microsoft product updates released on July 14. Fifty-nine were Critical, with 254 elevation-of-privilege flaws and 145 remote-code-execution flaws.

Two of three zero-days have been exploited. CVE-2026-56155 affects Active Directory Federation Services and can grant local administrative privileges. CVE-2026-56164 affects SharePoint Server and can let an unauthenticated remote attacker elevate privileges. Microsoft disclosed no attack-chain details.

CVE-2026-50661 is a publicly disclosed Windows BitLocker bypass with no detected exploitation. Physical access is required to bypass system-drive encryption. The 570 total excludes 468 Chromium flaws fixed by Google and ported to Microsoft Edge.

Microsoft executive Pavan Davuluri said AI is accelerating vulnerability discovery and analysis. Windows and SharePoint administrators can obtain the July fixes through Microsoft's Update Guide.

via BleepingComputer / Microsoft MSRC / Krebs on Security
Microsoft 單月修補創紀錄 570 個漏洞|3 個零日中 2 個已遭利用