- Microsoft’s July 2026 patch Tuesday fixed a record 622 vulnerabilities, including 58 critical, two exploited in the wild and one publicly disclosed, plus 428 Chromium bugs
- Actively exploited flaws include CVE-2026-56155 (AD FS privilege escalation) and CVE-2026-56164 (SharePoint privilege escalation), along with notable issues in BitLocker and Copilot
- An increase in fixes is associated with Microsoft’s use of Anthropic’s Mythos AI, with patch volume increasing significantly since its adoption
Microsoft has released its July 2026 Patch Tuesday download, marking another record-breaking update that addresses hundreds of bugs across the ecosystem.
The release, which is currently being rolled out to Microsoft users, fixes a staggering 622 vulnerabilities, including 58 critical, two that were observed to be exploited in the wild, and one that has already been made public.
On top of that, Microsoft also sent fixes for another 428 Chromium bugs.
A jump in numbers
There are simply too many vulnerabilities to list them all, but two that are being exploited in the wild are CVE-2026-56155 and CVE-2026-56164. The former is described as an “Insufficient granularity of access control in Active Directory Federation Services (AD FS)” flaw, which allows an authorized attacker to elevate privileges locally. It has a difficulty rating of 7.8/10 (high).
The latter is a “Lack of authentication for critical function in Microsoft Office SharePoint” flaw that allows an unauthorized attacker to elevate privileges over a network. Microsoft assigned it a medium severity score (5.3/10), but the National Vulnerability Database gave it a 9.8/10 (critical).
Other notable mentions include CVE-2026-50661, a protection mechanism flaw in Windows BitLocker that allows unauthorized attackers to bypass a security feature with a physical attack, and CVE-2026-48561, an improper neutralization of special elements used in a command in Microsoft Copilot that allows an unauthorized attacker to execute code over a network.
If you think fixing 622 vulnerabilities in a month is a lot, you’re absolutely right. It’s way beyond what Microsoft is used to doing, and it’s most likely because the company is now using the fabled Mythos – Anthropic cybersecurity-oriented AI.
In June 2026, about a month and a half after the release of Mythos, Microsoft fixed 206 bugs, which raised eyebrows because it was significantly above the company’s usual number of bugs being fixed.
In May it corrected 120 errors, in April 167 and in March – 79.

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



