Tue, 14 Jul 2026
Markets
DJIA 44,210.31 +0.42% S&P 500 6,204.88 +0.31% NASDAQ 20,398.05 -0.18% RUSSELL 2000 2,271.14 +0.55% FTSE 100 8,786.20 -0.09% DAX 24,120.40 +0.26% NIKKEI 225 39,986.30 +1.02% HANG SENG 24,072.30 -0.44% US 10-YR 4.281% -0.03 CRUDE OIL $67.41 +0.68% GOLD $3,342.10 +0.21% BTC $61,845 -1.12% EUR/USD 1.1782 +0.14% DJIA 44,210.31 +0.42% S&P 500 6,204.88 +0.31% NASDAQ 20,398.05 -0.18% RUSSELL 2000 2,271.14 +0.55% FTSE 100 8,786.20 -0.09% DAX 24,120.40 +0.26% NIKKEI 225 39,986.30 +1.02% HANG SENG 24,072.30 -0.44% US 10-YR 4.281% -0.03 CRUDE OIL $67.41 +0.68% GOLD $3,342.10 +0.21% BTC $61,845 -1.12% EUR/USD 1.1782 +0.14%
Microsoft Just Patched a Record 570 Flaws in Windows

Microsoft Just Patched a Record 570 Flaws in Windows

This month's Patch Tuesday update also includes three zero-days.

If you're a Windows user, you may want to install the latest security update ASAP. Microsoft's July Patch Tuesday update fixes a record 570 bugs, including three zero-days that have been actively exploited or publicly disclosed. Previously, June's update was the largest ever, with patches for just over 200 flaws.

As BleepingComputer reports, the fixes are broken down across the following categories: 254 elevation-of-privilege vulnerabilities, 17 security feature bypass vulnerabilities, 145 remote-code-execution vulnerabilities, 102 information disclosure vulnerabilities, 16 spoofing vulnerabilities, and 35 denial-of-service vulnerabilities. Fifty-nine of the bugs are rated "critical" and include remote code execution, elevation of privilege, security bypass, and spoofing flaws. Note that these figures do not include other vulnerabilities patched by Microsoft earlier this month.

Microsoft patched these three Windows zero-days in July

Zero-days are the most dangerous type of security vulnerability. A zero-day is a flaw that has been actively exploited in the wild or publicly disclosed before the developer releases an official fix. Two of the zero-days addressed with this month's Patch Tuesday have been actively exploited, while one was publicly disclosed.

The first actively exploited zero-day, labeled CVE-2026-56155, is an elevation of privilege flaw in Active Directory Federation Services that allows an attacker to elevate privileges locally on your machine. Jeremy Kingston and Scott Clark, members of the Microsoft Detection and Response Team (DART), discovered this vulnerability.

The second actively exploited vulnerability (CVE-2026-56164) is also an elevation of privilege flaw, this one in Microsoft SharePoint Server. A missing authentication for "critical function" can allow an unauthorized attacker to elevate privileges over a network. Microsoft attributes this discovery to a handful of researchers: Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, FLARE OTF, and an anonymous individual.

The third zero-day addressed this month was publicly disclosed, but no known exploits are currently reported. CVE-2026-50661 is a security bypass flaw in Windows BitLocker that could allow an attacker with physical access to obtain encrypted data. Microsoft credits an anonymous researcher with this discovery.

How to install the July Patch Tuesday update

Patch Tuesday updates are typically released around 10 a.m. PT on the second Tuesday of every month. You should receive them automatically, but again, you'll want to make sure these fixes are installed on your device as soon as possible. Check your PC's update status under Start > Settings > Windows Update > Check for Windows updates and install the latest update available.