Microsoft Unleashes Record 622 Security Fixes in Historic Patch Tuesday

Published:

spot_img

Microsoft Unleashes Record 622 Security Fixes in Historic Patch Tuesday

On Tuesday, Microsoft announced the release of fixes for over 600 security vulnerabilities, marking July as the largest Patch Tuesday in the program’s history. This month’s release of 622 Common Vulnerabilities and Exposures (CVEs) is more than triple the size of the previous record set just last month. The surge in vulnerability counts this year has raised significant concerns within the cybersecurity community, as July’s release alone surpasses the total of the three preceding months combined.

A Shift in Reporting Practices

In a notable departure from its usual reporting methods, Microsoft’s Security Update Guide has ceased to list individual CVEs for these vulnerabilities. Instead, the guide now features a summary table that categorizes bugs by product family, along with a section highlighting “Notable CVEs.” While individual advisories for each CVE remain accessible, this change complicates the process for cybersecurity defenders who must now synthesize information from various advisory feeds to understand the full scope of vulnerabilities.

Adam Barnett from Rapid7 observed that this trend reflects an industry-wide increase in vulnerability reports. He noted that the uptick in published remediations serves as a trailing indicator of this phenomenon. The release of patches initiates a cycle in which attackers analyze the updates to identify and exploit unpatched systems, a process often referred to as “Exploit Wednesday.” The reduced detail in advisories may hinder defenders’ ability to effectively triage vulnerabilities.

The Role of AI in Vulnerability Discovery

Microsoft and industry analysts have suggested that the rise in discovered vulnerabilities may be linked to the use of AI-assisted tools. Although the company did not specify how many of the CVEs released this month were identified using such technologies, it has previously disclosed its use of an internal AI system named MDASH to locate security flaws in its software. Tom Gallagher, vice president of engineering at Microsoft’s Security Response Center, indicated that the trend of larger releases is expected to continue.

In April, the UK’s National Cyber Security Centre (NCSC) cautioned organizations to prepare for a wave of urgent updates. While this wave appears to have materialized, a corresponding increase in cyberattacks has not yet been observed. Jerry Gamblin, an engineer at Cisco, highlighted that while the volume of vulnerabilities has dramatically increased, the number of exploited vulnerabilities has not followed suit. Out of more than 35,000 CVEs published in the first half of this year, only 85—approximately 0.24%—have appeared in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.

Active Exploits in the Wild

Among the vulnerabilities addressed this month, Microsoft reported that two are currently being exploited. The first, CVE-2026-56164, is an elevation-of-privilege vulnerability in on-premises SharePoint Server that allows unauthenticated attackers to escalate privileges over the network. Rated as “Important” with a CVSS score of 5.3, this flaw poses a significant risk.

The second vulnerability, CVE-2026-56155, affects Active Directory Federation Services and enables authenticated attackers to escalate privileges locally. Both vulnerabilities were discovered by Microsoft’s incident-response unit, DART, although neither was included in CISA’s KEV catalog as of Wednesday morning.

Additionally, CVE-2026-55040, a security feature bypass in SharePoint, has drawn attention. Discovered by Rapid7 researcher Stephen Fewer, this vulnerability is part of an exploit chain leading to unauthenticated remote code execution on vulnerable servers. The second vulnerability in this chain remains embargoed, with Microsoft expected to address it in August. Rapid7 rates the bypass at 5.3, while Trend Micro’s Zero Day Initiative assigns it a score of 9.1.

Other Notable Vulnerabilities

The release also addresses CVE-2026-50661, a publicly disclosed BitLocker security feature bypass that allows physical attackers to circumvent drive encryption. Rapid7 noted that this advisory aligns with a vulnerability announced under the name GreatXML by the pseudonymous researcher Nightmare Eclipse, who has been in a protracted standoff with Microsoft. Although Microsoft has not confirmed this connection, the ongoing situation raises questions about the effectiveness of current patching strategies.

Nightmare Eclipse has been posting working exploit code for unpatched Windows vulnerabilities on GitHub since April. Although the researcher initially threatened to release new exploits coinciding with this Patch Tuesday, they later moderated that stance. Instead, a new proof-of-concept named LegacyHive emerged, allowing non-privileged users to mount another user’s registry hive.

In a separate incident, Microsoft issued an out-of-band update on July 8 to patch CVE-2026-50656, known as RoguePlanet, after Nightmare Eclipse published proof-of-concept code following June’s Patch Tuesday. The researcher has since claimed that the patch introduces a disk-exhaustion vector, further complicating the security landscape.

As the cybersecurity community grapples with these developments, the implications of Microsoft’s record-setting Patch Tuesday will likely resonate throughout the industry. The increasing volume of vulnerabilities, coupled with the evolving tactics of cyber adversaries, underscores the need for robust security measures and proactive vulnerability management.

Source: therecord.media

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

Dutch Police Arrest Key Figure in €100M Global Crypto Investment Scam

Dutch Police Arrest Key Figure in €100M Global Crypto Investment Scam A significant investigation into a global cryptocurrency investment scam has culminated in the arrest...

Agentic AI Reshapes Enterprise Transformation Across the Middle East, Says Tech Mahindra Official

Agentic AI Reshapes Enterprise Transformation Across the Middle East, Says Tech Mahindra Official In the rapidly evolving landscape of artificial intelligence, Agentic AI is emerging...

Security Middle East Conference 2026: Connect, Learn, and Lead Amid Evolving Regional Challenges

Security Middle East Conference 2026: Connect, Learn, and Lead Amid Evolving Regional Challenges The Security Middle East Conference is set to reconvene on November 29,...

TCS and Google Cloud Strengthen AI Innovation with Launch of Gemini Experience Center in Kolkata

TCS and Google Cloud Strengthen AI Innovation with Launch of Gemini Experience Center in Kolkata MUMBAI, July 16, 2026 — Tata Consultancy Services (TCS), a...