Microsoft released patches for more than 570 security vulnerabilities on July 15, 2026 as part of its monthly Patch Tuesday cycle, the largest single-month tally in the program's history. The record haul, first reported by KrebsOnSecurity and TechCrunch, includes two zero-day bugs already being exploited in the wild plus one publicly disclosed BitLocker bypass.
Two Zero-Days And A BitLocker Bypass
CVE-2026-56155 is an elevation-of-privilege flaw in Active Directory Federation Services being exploited by attackers who Microsoft's incident responders spotted using it to escalate from local, low-privilege access to the AD FS Distributed Key Manager container. CVE-2026-56164, an EoP flaw in SharePoint Server reported by Google's incident-response team, is remotely exploitable in low-complexity attacks and has been added to CISA's Known Exploited Vulnerabilities catalog. CVE-2026-50661 is a publicly disclosed BitLocker security feature bypass that CrowdStrike suspects may be the fix for the "GreatXML" exploit released by the Nightmare Eclipse persona.

AI Is Doing The Finding — And The Exploiting
Microsoft flagged the surge in its Evolving Windows Vulnerability Management post a week earlier, warning enterprises the monthly numbers would be far higher than usual because AI is being used to hunt bugs internally. "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release," said Windows boss Pavan Davuluri. The company also confirmed attackers are using the same tools, and now recommends the deferral window for quality updates be cut to less than three days.
The Exploitability Index Is Breaking
Tenable senior staff research engineer Satnam Narang told Help Net Security that Microsoft's Exploitability Index is struggling to keep up with machine-speed discovery, pointing to the recent CVE-2026-45659 SharePoint bug that was tagged "exploitation less likely" before being added to CISA KEV weeks later. Anthropic's Red Team also found its Mythos Preview model could produce proof-of-concept exploits for 13 of 14 vulnerabilities rated "unlikely," a data point that echoes Ant Group's SingGuard-NSFA release and Cisco's WideField Security acquisition. Five Eyes cyber agencies now formally advise integrating AI into security operations to catch bugs earlier.
Reporting based on coverage from TechCrunch, Help Net Security and KrebsOnSecurity.
