Microsoft · 2026-07-15 · major
Microsoft July Patch Tuesday — record 570 fixes as AI-driven bug hunting spikes
Microsoft's July 2026 Patch Tuesday fixes 570 flaws, its biggest single release ever, including 3 zero-days and a 9.6-CVSS Copilot RCE. Microsoft credits AI-assisted vulnerability discovery for the spike.

Microsoft ships its biggest-ever monthly patch and says AI is why it can find so many bugs at once.
Key specs
| Vulnerabilities fixed | 570 |
|---|---|
| Zero days | 3 |
| Copilot rce cvss | 9.6 |
Quick facts
| Vendor | Microsoft |
|---|---|
| Cycle | July 2026 Patch Tuesday |
| CVEs fixed | 570 (record) |
| Zero-days | 3 (2 exploited) |
| Critical | ~60 flaws |
| Notable CVE | CVE-2026-48561 — Copilot RCE, CVSS 9.6 |
| Driver | AI-assisted vulnerability discovery |
What is it?
The July 2026 Patch Tuesday from Microsoft closes 570 vulnerabilities across Windows, Office, Azure, and Copilot — nearly triple last month's release and about four times last July's total. Three of the flaws are zero-days, two of them already being exploited in the wild.
How does it work?
Microsoft is now running AI-assisted vulnerability discovery across its codebase, scanning legacy code for latent bugs before external researchers or attackers find them. EVP Pavan Davuluri said the pace of discovery is changing because AI can search more code, faster, than a human red team.
Why does it matter?
The Patch Tuesday spike is one of the first concrete data points on AI's impact on defensive security at hyperscale. It also means an unusually urgent patch cycle for admins: CVE-2026-48561 is a 9.6-CVSS remote code execution in Copilot itself, and CVE-2026-56164 is an already-exploited SharePoint privilege escalation.
Frequently asked questions
- Why did Microsoft patch so many vulnerabilities this month?
- Microsoft's July 2026 Patch Tuesday hit 570 fixes because the company is running AI-assisted vulnerability discovery across its own codebase. EVP Pavan Davuluri said AI can now scan far more code far faster than a human red team, surfacing latent bugs in legacy Windows components that had gone unnoticed for years.
- Which zero-days are the July 2026 update most urgent for?
- Two of the three zero-days are already being exploited: CVE-2026-56164, a SharePoint elevation-of-privilege bug, and CVE-2026-56155, a Windows Server ADFS privilege-escalation flaw. Admins running SharePoint or ADFS should treat the July cumulative update as urgent.
- Is Microsoft Copilot itself affected?
- Yes. CVE-2026-48561 is a Copilot remote-code-execution flaw with a 9.6 CVSS score that allows an unauthenticated attacker to execute code over the network. Copilot users should confirm their tenant is updated per Microsoft's Copilot advisory.
- How does this compare to last year's Patch Tuesdays?
- The 570 CVEs in July 2026 are about four times last July's total and roughly triple last month's release. Microsoft has patched 1,308 vulnerabilities in the first seven months of 2026 — almost double the same window in 2025 — a jump the company attributes to AI-driven bug hunting.
Try it
Windows and Windows Server admins should apply the July 2026 cumulative update immediately.