Technology

Microsoft patches record 569 vulnerabilities, including three zero-days

Microsoft’s July patch cycle hit 569 CVEs, but two zero-days were already being exploited as defenders faced another record cleanup.

Lisa Park··2 min read
Published
Listen to this article0:00 min
Microsoft patches record 569 vulnerabilities, including three zero-days
Source: tenable.com

Microsoft’s July 2026 Patch Tuesday fixed 569 CVEs, the largest release on record, and Tenable said three of the flaws were zero-days. Two of those zero-days were already being exploited in the wild, putting immediate pressure on Windows customers and security teams trying to keep up with a monthly update stream that has grown far beyond routine maintenance. Microsoft said its multi-model agentic scanning harness, MDASH, is helping identify vulnerabilities faster and should lead to more security updates in future releases.

The July batch included 56 critical vulnerabilities, 510 important ones and 3 moderate issues. Tenable said the previous Patch Tuesday record was 198 CVEs in June, a benchmark that had already looked unusually heavy before July broke it again. The Microsoft Security Response Center, part of the defender community and on the front line of security response, is now operating in a cycle where the volume of fixes is climbing as quickly as the list of threats.

AI-generated illustration
AI-generated illustration

June had already forced a broad cleanup. CrowdStrike said Microsoft addressed 206 vulnerabilities in its June 2026 Patch Tuesday, including three publicly disclosed zero-days. One of those June flaws in Windows Collaborative Translation Framework, or CTFMON, could let a low-privileged local attacker gain SYSTEM privileges. Another BitLocker vulnerability required physical access, but could still let an attacker bypass BitLocker Device Encryption and reach encrypted data.

Data visualization chart
Data Visualisation

HiveLegacy has become part of that same defender whiplash. Security researchers described HiveLegacy as a “powerful primitive” and said it was likely capable of other nefarious actions, language that signals more than a narrow bug and raises the odds of broader abuse if it is left unpatched or misunderstood.

Microsoft’s own guidance now reflects that pace. The company said MDASH is helping identify vulnerabilities faster, and that customers should expect a higher volume of security updates in each release. For enterprises that manage large Windows fleets, the problem is no longer simply installing patches on schedule. It is absorbing record-breaking batches, prioritizing the flaws already under exploitation and closing off attack paths before they become the next active incident.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in Technology