Microsoft released software updates to fix at least 570 security vulnerabilities across Windows operating systems and other software this month, according to company data. This volume is nearly triple the number of flaws addressed in the previous month’s Patch Tuesday release, a surge Microsoft attributes to vulnerability discoveries aided by artificial intelligence.
The update cycle includes nearly 60 bugs with a “critical” severity rating, which Microsoft defines as flaws that could allow attackers or malware to seize remote control of a device with little to no user intervention. The company also patched three zero-day flaws, including two that are already being exploited in the wild.
Among the most significant fixes are two zero-day weaknesses that allow attackers to elevate user rights on a system. These include CVE-2026-56155, affecting Active Directory Federation Services, and CVE-2026-56164, a vulnerability in Microsoft SharePoint. Approximately 250 other elevation of privilege flaws were also addressed in this cycle.
AI Acceleration in Vulnerability Discovery
Microsoft Executive Vice President Pavan Davuluri stated in a July 9 blog post that users should expect a higher volume of security updates in each release moving forward. Davuluri attributed this trend to advances in AI, noting that these tools make it possible to find more issues faster across larger volumes of code through new mechanisms for discovery and analysis.

This shift toward AI-driven remediation is not unique to Microsoft. Chris Goettl of Ivanti observed that other major software providers are increasing their patch cadence. Adobe recently announced a move to twice-monthly security bulletins, published on the second and fourth Tuesday of each month, also citing AI as a driver for the acceleration. Other companies increasing their update frequency include Cisco, Mozilla, and Oracle; Google’s June 2026 patch batches totaled more than 900 security fixes, according to Goettl.
Critical Risks: Copilot and BitLocker
Security researchers have highlighted specific high-risk flaws within this release. Jack Bicer, director of vulnerability research at Action1, identified CVE-2026-48561 as a remote code execution flaw in Microsoft Copilot with a 9.6 CVSS threat score. According to Microsoft, an attacker could exploit this by hosting a malicious website that triggers Microsoft Edge for Android to send crafted prompts to Copilot automatically when a user visits the site.

Additionally, the update addresses CVE-2026-50661, a security feature bypass in Windows BitLocker. This bug could allow attackers to access encrypted data if they have physical access to the device. While Microsoft stated the bug has been detailed publicly, the company reported it is not aware of any active exploitation of this specific flaw.
The Shift in Exploitability Ratings
As AI accelerates discovery, experts argue that traditional risk assessment models are becoming obsolete. Microsoft utilizes an “exploitability index” to estimate how likely it is that attackers will find a reliable way to exploit a vulnerability. However, Satnam Narang, a senior staff research engineer at Tenable, argues this index must evolve to match “machine speed.”
Narang pointed to this month’s SharePoint zero-day as an example: Microsoft originally rated its exploitability as “less likely,” yet the flaw was added to the CISA Known Exploited Vulnerabilities list on July 1. Narang noted that findings from Anthropic’s Red Team showed the Mythos Preview model could produce proof-of-concept exploits for 13 out of 14 vulnerabilities that had been rated “Exploitation Less Likely” or “Exploitation Unlikely.”
This suggests a growing gap between human-centric risk ratings and the capabilities of AI tools used by attackers to devise working exploits for known software flaws.
User Guidance and System Stability
Due to the volume of patches in this release, some security professionals suggest a cautious approach to deployment. It is a documented occurrence for security patches to introduce system stability issues; the likelihood of such regressions probably increases with the gigantic patch count released today.

Users are encouraged to back up all Windows systems and data before applying these updates. In some cases, waiting a few days to see if widespread stability issues are reported by the community may be a prudent strategy before finalizing the installation.
Official updates can be managed through the Windows Update settings menu or via the Microsoft Security Update Guide for detailed technical documentation on each CVE.
The next scheduled Patch Tuesday update is expected in August, where Microsoft is likely to continue its AI-augmented discovery process.
Do you prioritize immediate patching or wait for stability reports? Share your experience with recent Windows updates in the comments below.
Keep reading