Microsoft Patches Record 570+ Vulnerabilities, Including Three Actively Exploited Zero-Days

A notable Copilot vulnerability—CVE-2026-48561—is a remote code execution flaw in Microsoft Copilot that could be exploited over the network, highlighted as a high-severity issue in the July Patch Tuesday roundup.
Microsoft’s July Patch Tuesday breakdown shows 416 Windows fixes and 164 Office fixes, underscoring how the update volume spans core OS components and productivity software.
A critical Windows VMSwitch vulnerability, CVE-2026-57092, carries a near-maximum CVSS score (9.9) and is flagged as a remote code execution risk.
Two notable flaws with exploitation risk are in Exchange Server (XSS, CVE-2026-55008) and Remote Desktop Protocol (RDP, CVE-2026-56190), reflecting high-priority targets for defenders.
Mitigation guidance emphasizes prioritizing on-premises SharePoint farms and related identity infrastructure, with mitigations such as scanning for malicious POST requests to detect exploit chains.
Microsoft has patched a record-breaking 570 to 622 security flaws in its July Patch Tuesday update — more than triple June's previous high of around 200 vulnerabilities Krebs on Security. The release includes fixes for two zero-days already being exploited in the wild, plus a third flaw that was publicly disclosed before a patch existed Lifehacker.
The sheer scale of the release has security researchers calling it 'Patchpocalypse.' Of the total, 428 CVEs affect Microsoft's Edge browser via Chromium bugs, and 57 flaws are rated critical The Register. Microsoft says AI tools helped find many of the new vulnerabilities, driving the surge in volume Krebs on Security.
The most urgent fixes cover two flaws under active attack. CVE-2026-56164 is a remote code execution (RCE) bug in SharePoint Server — software many companies run on their own networks. CVE-2026-56155 is an elevation-of-privilege flaw in Active Directory Federation Services, a tool used to manage user logins Real Hacker News. Both are being used by attackers right now.
A third zero-day, CVE-2026-50661, is a BitLocker bypass. BitLocker is Windows' built-in disk encryption tool. This flaw was publicly shared before Microsoft could patch it, meaning attackers had a head start Lifehacker. Security teams are urged to patch on-premises SharePoint farms and identity systems first, since attackers are chaining multiple flaws together to take full control of systems Krebs on Security.
One flaw stands out for its severity. CVE-2026-57092, a bug in Windows VMSwitch, earns a CVSS score of 9.9 out of 10. CVSS is a standard scale for rating how dangerous a flaw is — 10 is the worst possible. This RCE bug lets attackers run malicious code over a network without touching the target machine Lifehacker.
Microsoft Copilot also gets a critical patch. CVE-2026-48561 is a high-severity RCE flaw that could be triggered over a network connection Cisco Talos. Exchange Server and Remote Desktop Protocol (RDP) round out the high-priority list, with CVE-2026-55008 (an XSS attack in Exchange) and CVE-2026-56190 (an RDP flaw) both flagged as serious risks for defenders to watch Cisco Talos.
The July update covers nearly every corner of Microsoft's software. Windows alone accounts for 416 fixes. Office products add another 164 patches Lifehacker. The rest span Azure, Defender, Exchange, and more. The breadth means almost every Microsoft user — home or business — is affected in some way.
Microsoft credits AI-assisted security research for the jump in discovered flaws. That's a double-edged sword: AI finds bugs faster, but it also means patch cycles will likely stay heavy Krebs on Security. Last month's record of roughly 206 CVEs already felt large. This month's 570-plus shatters that bar entirely.
Security experts say to focus on on-premises SharePoint servers first. Attackers are combining the SharePoint RCE with privilege-escalation bugs to fully compromise systems in a single attack chain. One way to spot these attacks early: scan server logs for unusual POST requests, which are the web commands attackers use to trigger the exploit Real Hacker News.
For regular Windows users, the fix is simpler. Go to Settings, then Windows Update, and install available patches. Microsoft pushes these automatically for most home users, but IT teams managing large networks should verify deployment quickly Lifehacker. Given the active exploitation of two zero-days, waiting is not a safe option this month.
Publishers
16
Articles
10
Reach
26