2 min read

Microsoft ships 622 fixes in record Patch Tuesday

Microsoft’s July 2026 Patch Tuesday fixes a record 622 vulnerabilities, including three zero-days and 428 Chromium bugs.

Image: TechRadar

Microsoft posts its biggest Patch Tuesday yet

Microsoft has released its July 2026 Patch Tuesday update, and the scale is unusual even by the company’s standards. The rollout addresses a record 622 vulnerabilities across Microsoft’s ecosystem, including 58 critical flaws.

According to TechRadar, the release also covers three zero-days: two exploited in the wild and one publicly disclosed. On top of the Microsoft fixes, the company also shipped patches for 428 Chromium bugs.

The zero-days drawing the most attention

TechRadar says two of the flaws were already being abused in real-world attacks.

  • CVE-2026-56155: an “Insufficient granularity of access control in Active Directory Federation Services (AD FS)” vulnerability that lets an authorized attacker elevate privileges locally. It carries a 7.8/10 severity score, rated high.
  • CVE-2026-56164: a “Missing authentication for critical function in Microsoft Office SharePoint” flaw that allows an unauthorized attacker to elevate privileges over a network. Microsoft rated it 5.3/10 (medium), while the National Vulnerability Database scored it 9.8/10 (critical).

Other notable flaws

Among the other vulnerabilities highlighted by TechRadar:

Recommended reading

OpenAI’s first gadget is a $230 coding keypad

  • CVE-2026-50661, a protection mechanism failure in Windows BitLocker that could let an unauthorized attacker bypass a security feature through a physical attack.
  • CVE-2026-48561, an improper neutralization of special elements used in a command in Microsoft Copilot flaw that could allow an unauthorized attacker to execute code over a network.

Why the patch count jumped

TechRadar links the spike to Microsoft’s use of Mythos, described as Anthropic’s cybersecurity-oriented AI. The outlet notes that patch volumes have climbed sharply since its adoption.

The month-to-month numbers cited by TechRadar show the jump clearly:

  • March 2026: 79 flaws fixed
  • April 2026: 167 flaws fixed
  • May 2026: 120 flaws fixed
  • June 2026: 206 flaws fixed
  • July 2026: 622 flaws fixed

TechRadar says June 2026, roughly a month and a half after the release of Mythos, had already raised eyebrows because 206 fixes was well above Microsoft’s usual volume. July pushes that trend much further, with 622 vulnerabilities addressed in a single Patch Tuesday release.

Tomas Berg

Computing Editor

Tomas lives in the terminal. He covers chips, laptops, and operating systems with a focus on performance and efficiency. He reads kernel changelogs the way other people read fiction, and he's always on the hunt for the perfect mechanical keyboard switch. If it processes data, Tomas has an opinion on it.

via TechRadar

// Keep reading