Microsoft patches a record 570 security flaws, and says AI found them

The company's biggest-ever monthly security update includes two bugs already being used by hackers. AI tools are why the number is so high, and why it will stay high.

AI2Day Newsdesk· 3 min read
Photoreal news-editorial overhead shot of a darkened security operations center desk, multiple monitors glowing blue with abstract vulnerability dashboards and
Share

Key points

  • Microsoft patched 570 security vulnerabilities on 15 July 2026, the most it has ever released in a single monthly update.
  • At least two of those flaws were zero-days, meaning attackers were already exploiting them before Microsoft knew they existed.
  • One zero-day lets an attacker on a Windows Server machine quietly promote themselves from a regular user to a full administrator.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a second zero-day, in Microsoft's SharePoint file-sharing software, was being actively used to break into organisations.
  • Microsoft says AI tools helped its staff find more hidden bugs, and promises patch numbers will stay high as a result.

Every second Tuesday of the month, Microsoft releases a bundle of software fixes for Windows, Office, and its other products. Security researchers call it "Patch Tuesday." This week's bundle broke every record that came before it.

Microsoft issued patches for 570 separate security flaws on Tuesday, 15 July 2026. For context, a typical Patch Tuesday covers somewhere between 60 and 130 issues. Five hundred and seventy is a different order of magnitude entirely.

The company had warned this was coming. A week earlier, in a public blog post, Microsoft's Windows chief Pavan Davuluri said monthly patch counts would climb. The reason: Microsoft is now using AI to help its engineers hunt for bugs buried inside its code.

"As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release," Davuluri wrote.

Some of Microsoft's Windows code is decades old. AI tools can scan it far faster than a human reviewer, and they catch patterns that human eyes often miss. The result is a backlog of old, hidden vulnerabilities finally coming to light, all at once.

Should ordinary users be worried?

For most people running Windows with automatic updates switched on, the answer is no, as long as you let the update install. The patches fix the problems. The danger is in delaying.

Two of this week's flaws demand particular attention. Both are zero-days, meaning criminal hackers found and used them before Microsoft had a fix ready.

The first targets Windows Server, the version of Windows that businesses use to run their internal networks. It lets an attacker who already has limited access to a machine quietly grant themselves full administrator control. That kind of access lets them read files, install software, and move through a company's network.

The second zero-day sits in SharePoint, Microsoft's tool for sharing and storing files inside organisations. CISA, the U.S. government agency that tracks active cyber threats, confirmed attackers are using this flaw right now to compromise real organisations. Krebs on Security first reported the full scope of the patch release.

If your workplace uses SharePoint, tell your IT team today that the July Patch Tuesday update is urgent.

Watch for these signs your organisation may already be affected:

  • Unexpected new user accounts appearing with administrator-level access.
  • SharePoint files accessed or modified at unusual hours.
  • Any IT alert flagging privilege escalation, which means a user account suddenly gaining more permissions than it should have.
© 2026 AI2Day