- Microsoft’s July 2026 Patch Tuesday fixed a record 622 vulnerabilities, including 58 critical, two exploited in the wild and one publicly disclosed, as well as 428 Chromium bugs.
- Actively exploited vulnerabilities include CVE‑2026‑56155 (AD FS privilege escalation) and CVE‑2026‑56164 (SharePoint privilege escalation), as well as notable issues in BitLocker and Copilot.
- The increase in patching is linked to Microsoft’s use of Anthropic’s Mythos AI, with patching volumes increasing sharply since its adoption.
Microsoft has released its July 2026 Patch Tuesday download, marking another record-breaking update, fixing hundreds of flaws across the ecosystem.
The release, which is currently rolling out to Microsoft users, fixes a staggering 622 vulnerabilities, including 58 of critical severity, two that have been observed to be exploited in the wild, and one that has already been publicly disclosed.
In addition to this, Microsoft has also provided fixes for 428 other Chromium bugs.
A leap in numbers
There are simply too many vulnerabilities to mention them all, but two of them are being exploited in the wild: CVE-2026-56155 and CVE-2026-56164. The first is described as an “insufficient granularity of access control in Active Directory Federation Services (AD FS)” bug, which allows an authorized attacker to elevate privileges locally. It has a severity score of 7.8/10 (high).
The latter is a “Missing authentication for a critical function in Microsoft Office SharePoint” bug that allows an unauthorized attacker to elevate privileges on a network. Microsoft gave it a medium severity score (5.3/10), but the National Vulnerability Database gave it a 9.8/10 (critical).
Other notable notices include CVE-2026-50661, a protection mechanism failure in Windows BitLocker that allows unauthorized attackers to bypass a security feature with a physical attack, and CVE-2026-48561, an improper override of special elements used in a command in Microsoft Copilot, which allows an unauthorized attacker to execute code over a network.
If you think patching 622 vulnerabilities in a month is a lot, you’re absolutely right. This is well above what Microsoft is used to, and is likely because the company is now using the legendary Mythos – Anthropic’s cybersecurity-focused AI.
In June 2026, about a month and a half after Mythos’ release, Microsoft fixed 206 flaws, which raised eyebrows because it was significantly higher than the company’s usual number of bugs fixed.
In May it fixed 120 flaws, in April 167, and in March – 79.

The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




