Top
Should you care?News

Microsoft just patched a record 570 flaws. Update now

The biggest Patch Tuesday in Microsoft's history is not a fluke. It is the first clear sign of what happens when AI is pointed at decades-old code, and the pace is not slowing.

A Windows update screen on a laptop.
Microsoft

Microsoft released fixes for a record 570 security vulnerabilities on July 14, the largest Patch Tuesday in the company's history, and if you run Windows you should install it now rather than later. Two of the flaws were already being exploited in real attacks before the patch existed.

The scale matters because it is not simply a big month. The previous record, set only last month, was 206. Counting everything Microsoft shipped across the month, the total passes 620, and security researchers tracking the release say the year-to-date CVE count already exceeds every previous full year on record. Roughly 1,380 vulnerabilities have been patched so far in 2026, and we are barely halfway through the year.

Fifty-nine of the July flaws are rated Critical. Around 250 are elevation-of-privilege bugs, the kind that turn a small foothold into full control. More than 400 affect Windows itself.

Three are zero-days, meaning they were publicly known or under attack before a fix existed. Two are confirmed as actively exploited: CVE-2026-56155, an Active Directory Federation Services flaw that hands an attacker administrator rights, and CVE-2026-56164, a SharePoint Server bug that lets an unauthenticated attacker elevate privileges over a network. CVE-2026-50661 is a publicly disclosed BitLocker bypass that matters most if a laptop is lost or stolen. CVE-2026-48561, a remote code execution bug in Microsoft Copilot, also carries a severe score.

Why there are suddenly so many

The explanation is not that Windows suddenly became worse. The tools for finding bugs became dramatically better. Microsoft has been open about this: advances in AI make it possible to find more issues, faster, across more code. The company is now running AI-powered scanning across the Windows codebase, surfacing years of latent flaws that human researchers never had the time to find.

The uncomfortable implication is symmetrical. If Microsoft's AI can find these bugs, so can an attacker's. That is why Microsoft now recommends installing Windows 11 quality updates within three days, and why organisations should shorten their update deferral windows.

The catch for some Dell PCs

In an awkward twist, Microsoft has blocked the July update on some Dell machines because affected devices can suffer unexpected shutdowns, poor performance, increased heat, and battery drain.

The cause traces to an optional preview update from June 23 that introduced a new Windows Connection Manager. That component can conflict with the Intel Innovation Platform Framework Processor Participant driver, which manages processor power and thermals on many Intel laptops. When the two clash, power management breaks down. Dell caught it during testing and Microsoft applied a compatibility hold.

If you own a Dell, open Device Manager and look for a warning next to that Intel driver. Do not force the update from the Microsoft Update Catalog to bypass the hold. The hold exists to protect you.

The Kenyan angle

In Kenya, many people run older Windows laptops for school, office work, cyber cafes, small business bookkeeping, church media desks, and side hustles. Those machines often sit behind weak backup habits and shared USB drives. A record Windows patch month is not abstract. It is the difference between a machine that stays useful and one that becomes a recovery job.

If you are on Windows 10, free Extended Security Updates for consumers are still available through October 12, 2027 for enrolled machines. That matters because many working laptops here are not ready for Windows 11.

The bigger lesson is the one to take forward. A record patch is not a one-off crisis. It is the new baseline, and the habit that protects you is boring and unglamorous: update quickly, every time.

FAQ

How many vulnerabilities did Microsoft fix in July 2026?

Microsoft fixed a record 570 vulnerabilities on Patch Tuesday itself, with the wider July total passing 620 depending on how monthly advisories are counted.

Why are there so many Windows vulnerabilities now?

Microsoft is using AI-powered scanning to find more flaws across the Windows codebase, which means more bugs are being found and patched faster.

Which July 2026 flaws are being exploited?

CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint Server are confirmed as actively exploited.

Why can some Dell PCs not install the July update?

Microsoft placed a compatibility hold because of a conflict between a new Windows USB-C component and an Intel power and thermal driver on some Dell PCs.

Should I install the update immediately?

Yes, unless your PC is under a compatibility hold. Microsoft recommends installing Windows quality updates within three days.

Sources

When AI finds bugs faster, the responsible response is not panic. It is faster patching.

Ask MAMBO

Have a plain-English question about this topic? Send it in and we may answer it in a future guide.

Ask a question