cd /news/artificial-intelligence/microsoft-patches-record-570-securit… · home topics artificial-intelligence article
[ARTICLE · art-62135] src=mlq.ai ↗ pub= topic=artificial-intelligence verified=true sentiment=· neutral

Microsoft Patches Record 570 Security Flaws in Single Update, Credits AI-Powered Discovery

Microsoft patched a record 570 security flaws in its July Patch Tuesday update, a 316% increase from the same month last year, crediting an AI-powered vulnerability discovery system for the surge. The update fixed three zero-day vulnerabilities, two of which were actively exploited in Active Directory Federation Services and SharePoint Server.

read4 min views1 publishedJul 16, 2026
Microsoft Patches Record 570 Security Flaws in Single Update, Credits AI-Powered Discovery
Image: Mlq (auto-discovered)
  • Microsoft's July Patch Tuesday fixed a record 570 vulnerabilities — a 316% increase from 137 in July 2025 and nearly triple the 200 patched in June 2026 [1] - The company credited an AI-powered vulnerability discovery system deployed across its Windows codebase for the surge in detections [2] - Three zero-day flaws were patched, including two actively exploited in Active Directory Federation Services and SharePoint Server [1] - 59 of the 570 vulnerabilities were rated critical, with 48 enabling remote code execution across products including Office, Exchange, and SQL Server [1] - Microsoft EVP Pavan Davuluri said 'the pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster'

[3] Microsoft on Tuesday released security fixes for a record 570 vulnerabilities across its product line, the largest single Patch Tuesday in the company's history. The company explicitly credited an AI-powered vulnerability discovery system it recently deployed to scan its Windows codebase for the unprecedented volume of detections [1] [2].

The July release dwarfs previous months: it represents a 316% increase from the 137 flaws patched in July 2025 and a 185% jump from the 200 vulnerabilities fixed in June 2026 [4]. Of the 570 flaws, 59 were rated critical — 48 of which enable remote code execution — and three were zero-day vulnerabilities, with two already being exploited by attackers in the wild

.

[1]The update touches virtually every major Microsoft product, including Office (Excel, Word, PowerPoint, SharePoint), Active Directory, Exchange Server, SQL Server, Hyper-V, Remote Desktop Client, and the Windows kernel [1]. Microsoft now recommends enterprises install Windows 11 quality updates within three days, citing AI-driven cyberattacks that exploit new vulnerabilities faster than ever

.

[4]## The Zero-Days Two of the three zero-day vulnerabilities were already under active exploitation before Tuesday's patches. CVE-2026-56155 affects Active Directory Federation Services and allows an authenticated attacker to escalate privileges to administrator level. It was discovered internally by Microsoft's Detection and Response Team (DART) [1].

CVE-2026-56164 targets Microsoft SharePoint Server, where a missing authentication check enables an unauthorized network attacker to remotely escalate privileges. Microsoft recommended enabling the Antimalware Scan Interface (AMSI) and setting Request Body Scan to Full as a mitigation [1].

The third zero-day, CVE-2026-50661, is a BitLocker Security Feature Bypass that allows an attacker with physical access to a device to read encrypted data on storage devices. It was publicly disclosed before the patch was available [1].

AI as the Engine #

Microsoft had warned in recent weeks that the volume of its security updates would increase as it deployed AI-powered tools to hunt for bugs proactively. The company said its system scans the Windows codebase to identify flaws before threat actors can exploit them [2].

The sheer volume underscores a broader shift in the cybersecurity landscape: AI is accelerating both offense and defense simultaneously. Microsoft is not alone — Google released more than 900 security fixes in June 2026, similarly fueled by automated detection [3].

The Full Breakdown #

The 570 vulnerabilities break down by type as follows: 254 elevation-of-privilege flaws, 145 remote code execution bugs, 102 information disclosure issues, 35 denial-of-service vulnerabilities, 17 security feature bypasses, and 16 spoofing flaws [1].

The 59 critical-severity issues are concentrated in remote code execution (48), elevation of privilege (9), security bypass (1), and spoofing (1). Affected products span enterprise staples like Exchange Server and SQL Server alongside consumer-facing software like Office and Windows Media Foundation [1].

Industry Reaction #

Security researchers flagged both the scale and the implications of AI-accelerated vulnerability discovery. Satnam Narang, a senior staff research engineer at Tenable, warned that current exploit-risk models are calibrated for human attackers, not AI-powered ones. 'The exploitability index is centered around humans, not AI tools,' Narang said, noting that attackers are increasingly using AI to rapidly develop exploits for known vulnerabilities [3].

Adobe, Cisco, Mozilla, and Oracle are all similarly accelerating their own patch cycles, suggesting the industry is entering a new phase where AI-driven discovery — on both sides — compresses the window between disclosure and exploitation [3].

What's Next #

Microsoft's signal is clear: patch volumes will continue rising as AI scanning matures. The company's new guidance urging enterprises to apply updates within three days — rather than the traditional monthly cadence many organizations follow — reflects an environment where the gap between patch release and exploit development is shrinking rapidly [4].

Microsoft shares rose 2.8% on the day to $395.63, giving the company a market capitalization of roughly $2.94 trillion. The stock is down about 18% year-to-date amid broader pressure on large-cap tech [5].

Companies mentioned #

Further sources #

[1] BleepingComputer: Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 … ↗

[2] TechCrunch: Microsoft patches record number of security vulnerabilities, citing… ↗

[3] Krebs on Security: Microsoft Patches a Record 570 Security Flaws ↗ [4] WindowsLatest: Microsoft patched a record 570 Windows 11 flaws in July, 4x last… ↗

[5] FMP stock quote for MSFT, accessed July 16, 2026 ↗ The stories that matter, in one email. Free — unsubscribe anytime.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @microsoft 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/microsoft-patches-re…] indexed:0 read:4min 2026-07-16 ·