Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Microsoft Patches 570 CVEs in Record Patch Tuesday

July 15, 2026

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

July 15, 2026

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

July 15, 2026
Facebook X (Twitter) Instagram
Wednesday, July 15
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Microsoft Patches 570 CVEs in Record Patch Tuesday
News

Microsoft Patches 570 CVEs in Record Patch Tuesday

Team-CWDBy Team-CWDJuly 15, 2026No Comments4 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Microsoft has released updates for an unprecedented 570 CVEs during this month’s Patch Tuesday on July 14.

The patch deluge came after warnings from the tech giant that its use of agentic AI to find new flaws would lead to an increase in security updates for customers.

Trey Ford, chief strategy and trust officer at Bugcrowd, said this was the new normal for the foreseeable future.

“The real story is economic. AI has collapsed the cost of finding vulnerabilities, and this increase in volume is a new floor, not the ceiling … at least for a while,” he added. 

“Leadership teams need to stop treating patch volume as a monthly surprise, we must fund it as a fixed operating cost, because the intake will not be going back down for a while. The organizations that win won’t be the ones that patch fastest this month. They’ll be the ones who built a process that scales when the next couple months continue to increase.”

Read more on vulnerability management: Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities

Among the vulnerabilities in July’s Patch Tuesday are three zero-day vulnerabilities; two of which have been exploited in the wild.

CVE-2026-56155 is an elevation of privilege (EoP) vulnerability in Active Directory Federation Services which allows an authorized attacker to elevate privileges locally. 

“Eight other vulnerabilities are also published today in Active Directory Federation Services, all ranked as Important on Microsoft’s proprietary severity ranking scale,” explained Rapid7 principal software engineer, Adam Barnett.

“The advisory doesn’t explicitly describe the location of the attacker, but it’s likely that an attacker would need an existing toehold on the target system to chain together with the elevation of privilege opportunity on offer here.”

The second exploited zero-day is CVE-2026-56164, another EoP bug but this time in Microsoft SharePoint Server. No existing privileges are required to launch an attack, and exploitation has been branded “low complexity” by Microsoft.

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to harden their SharePoint systems in response to exploitation of this and two other vulnerabilities published earlier this year.

The publicly disclosed zero day is CVE-2026-50661: a Windows BitLocker security feature bypass flaw which could allow attackers to access encrypted data. Exploitation would require an unauthorized attacker to have physical access to a target machine.

A New Era of Mass Updates

In total, July’s Patch Tuesday saw the release of updates for 254 EoP vulnerabilities, 145 remote code execution (RCE) bugs, and 102 information disclosure flaws. Fifty-nine were rated critical, of which the vast majority (48) were RCE flaws.

However, Microsoft isn’t the only vendor to increase its volume of updates for users. Google fixed over 460 Edge/Chromium flaws this month, and Adobe recently switched its patching cadence to twice a month.

Qualys security research manager, Mayuresh Dani, commented, “This trend was predicted and we’re seeing the evidence of it happening now. As more advanced and frontier AI models become available, we can expect an upward trend to continue and then slow down.”

“What we’re observing is that AI automated fuzzing, LLM-assisted variant hunting, and static analysis at scale are discovering bugs faster than enterprises can remediate.”

Qualys urged organizations to:

  • Move from CVSS-only prioritization to Exploit Prediction Scoring System (EPSS) and CISA KEV
  • Graduate to a tiered-patching SLA mechanism. For example, a KEV-listed CVE or EPSS >0.5 should be patched within 24-36 hours. Classification should be risk-based and will be different each organization 
  • Introduce attack surface reduction and mitigation mechanisms, such as ensuring systems like Active Directory Federation Service aren’t internet-connected, on-premises SharePoint doesn’t have public access, and remote management tools aren’t reachable from anywhere
  • Improve patching practices so it is easier to validate updates, and monitor installs and system stability on a select group with automated rollback support. Approved patches should then be pushed to all required systems



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleTop AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Team-CWD
  • Website

Related Posts

News

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

July 15, 2026
News

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

July 15, 2026
News

Five Charged in “Russian Coms” Fraud Platform Case

July 14, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Look out for phony verification pages spreading malware

September 14, 2025

AI-powered financial scams swamp social media

September 11, 2025

Is it time for internet services to adopt identity verification?

January 14, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.