Microsoft’s July 2026 Patch Tuesday is the largest security release the company has ever shipped: 570 vulnerabilities fixed in a single month, including two zero-days under active exploitation and a third publicly disclosed before patching. For comparison, Microsoft’s previous record months hovered around 160–180 CVEs. July nearly tripled that.

And buried in the coverage is the most consequential detail: Microsoft attributes the unprecedented volume in part to an AI-powered vulnerability-discovery system it recently deployed to scan its own Windows codebase for flaws before attackers find them.

The Three Zero-Days

CVE-2026-56155 — Active Directory Federation Services (AD FS) elevation of privilege, exploited in the wild. An authenticated attacker can elevate privileges to administrator level on AD FS — the identity federation layer that, in many enterprises, brokers single sign-on between on-prem Active Directory and cloud services. Notably, Microsoft credited discovery to Jeremy Kingston and Scott Clark of Microsoft’s Detection and Response Team (DART) — the company’s incident-response unit — a strong signal the flaw was uncovered during investigations of live attacks. AD FS compromise has been a nation-state favorite since the SolarWinds-era Golden SAML technique: control the federation server and you can mint tokens impersonating anyone.

CVE-2026-56164 — Microsoft SharePoint Server elevation of privilege, exploited in the wild. Missing authentication for a critical function allows an attacker to elevate privileges remotely. SharePoint has been under relentless attack all year — CISA has already added multiple 2026 SharePoint CVEs to the Known Exploited Vulnerabilities catalog, including the CVE-2026-45659 RCE we covered earlier this month, and warned about three actively exploited SharePoint flaws just this week. On-prem SharePoint is now firmly in the same category as VPN appliances: internet-facing, credential-rich, and continuously probed.

CVE-2026-50661 — BitLocker security feature bypass, publicly disclosed. An attacker with physical access to a device could bypass BitLocker and reach encrypted data. Physical-access bugs rank lower for most threat models, but for organizations whose laptops travel — executives, journalists, government users — a public BitLocker bypass with no patch applied is exactly what border searches and evil-maid attacks are made of.

The Critical Count

Beyond the zero-days, the release addresses 59 vulnerabilities rated Critical — 48 of them remote code execution, 9 elevation of privilege, plus a security bypass and a spoofing flaw. Even a routine month would call that heavy; inside a 570-CVE release, it means patch-management teams must triage rather than sequentially process. The zero-days, the critical RCEs in internet-facing roles (SharePoint, Windows networking components), and anything on the CISA KEV list come first.

What 570 CVEs Actually Means

The number deserves scrutiny, because it marks a structural shift rather than a suddenly worse Windows.

Microsoft’s explanation — an internal AI system hunting vulnerabilities in the Windows codebase at scale — means a meaningful share of these 570 flaws were found by machines, reported internally, and fixed before any attacker touched them. That is the defensive best case for AI in security, and it mirrors what Google has reported with its Big Sleep project and what CISA has been urging vendors to adopt.

But it cuts both ways, and defenders should be clear-eyed about the implications:

  • Attackers run the same play. The same class of AI tooling that finds bugs for Redmond finds bugs for ransomware crews — and this week’s separate news that a Russian-speaking actor jailbroke Gemini CLI into an intrusion agent shows offensive adoption isn’t theoretical.
  • Patch volume is now a denial-of-service on patch teams. If AI-assisted discovery makes 400–600 CVE months the new normal, organizations still patching on monthly manual cycles will fall permanently behind. Risk-based prioritization (KEV, EPSS, exposure) stops being a maturity goal and becomes table stakes.
  • N-day windows matter more, not less. Every fixed flaw ships with a diff that AI tooling can reverse into an exploit faster than ever. The gap between “patch released” and “exploit in the wild” keeps shrinking; the gap between “patch released” and “patch applied” mostly hasn’t.

Priorities This Week

  1. AD FS servers: patch CVE-2026-56155 immediately; while you’re there, review AD FS for the monitoring basics (event 501/1102 auditing, certificate change alerts).
  2. On-prem SharePoint: patch CVE-2026-56164 and the rest of this year’s SharePoint chain; if a farm doesn’t need internet exposure, remove it.
  3. Mobile fleets: schedule the BitLocker fix for traveling devices first.
  4. Everything else: sort by KEV listing and internet exposure, not CVSS alone. In a 570-CVE month, the score alone won’t save you.

Sources