آموزش

Microsoft Just Patched a Record 570 Flaws in Windows

If you’re a Windows user, you may want to install the latest security update ASAP. Microsoft’s July Patch Tuesday update fixes a record 570 bugs, including three zero-days that have been actively exploited or publicly disclosed. Previously, June’s update was the largest ever, with patches for just over 200 flaws.

As BleepingComputer reports, the fixes are broken down across the following categories: 254 elevation-of-privilege vulnerabilities, 17 security feature bypass vulnerabilities, 145 remote-code-execution vulnerabilities, 102 information disclosure vulnerabilities, 16 spoofing vulnerabilities, and 35 denial-of-service vulnerabilities. Fifty-nine of the bugs are rated “critical” and include remote code execution, elevation of privilege, security bypass, and spoofing flaws. Note that these figures do not include other vulnerabilities patched by Microsoft earlier this month.

Microsoft patched these three Windows zero-days in July

Zero-days are the most dangerous type of security vulnerability. A zero-day is a flaw that has been actively exploited in the wild or publicly disclosed before the developer releases an official fix. Two of the zero-days addressed with this month’s Patch Tuesday have been actively exploited, while one was publicly disclosed.

The first actively exploited zero-day, labeled CVE-2026-56155, is an elevation of privilege flaw in Active Directory Federation Services that allows an attacker to elevate privileges locally on your machine. Jeremy Kingston and Scott Clark, members of the Microsoft Detection and Response Team (DART), discovered this vulnerability.

The second actively exploited vulnerability (CVE-2026-56164) is also an elevation of privilege flaw, this one in Microsoft SharePoint Server. A missing authentication for “critical function” can allow an unauthorized attacker to elevate privileges over a network. Microsoft attributes this discovery to a handful of researchers: Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, FLARE OTF, and an anonymous individual.

The third zero-day addressed this month was publicly disclosed, but no known exploits are currently reported. CVE-2026-50661 is a security bypass flaw in Windows BitLocker that could allow an attacker with physical access to obtain encrypted data. Microsoft credits an anonymous researcher with this discovery.

How to install the July Patch Tuesday update

Patch Tuesday updates are typically released around 10 a.m. PT on the second Tuesday of every month. You should receive them automatically, but again, you’ll want to make sure these fixes are installed on your device as soon as possible. Check your PC’s update status under Start > Settings > Windows Update > Check for Windows updates and install the latest update available.

منبع آموزش

ZaKi

Who is mahdizk? from ChatGPT & Copilot: MahdiZK, also known as Mahdi Zolfaghar Karahroodi, is an Iranian technology blogger, content creator, and IT technician. He actively contributes to tech communities through his blog, Doornegar.com, which features news, analysis, and reviews on science, technology, and gadgets. Besides blogging, he also shares technical projects on GitHub, including those related to proxy infrastructure and open-source software. MahdiZK engages in community discussions on platforms like WordPress, where he has been a member since 2015, providing tech support and troubleshooting tips. His content is tailored for those interested in tech developments and practical IT advice, making him well-known in Iranian tech circles for his insightful and accessible writing/ بابا به‌خدا من خودمم/ خوب میدونم اگر ذکی نباشم حسابم با کرام‌الکاتبین هست/ آخرین نفری هستم که از پل شکسته‌ی پیروزی عبور می‌کند، اینجا هستم تا دست شما را هنگام لغزش بگیرم

نوشته های مشابه

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

دکمه بازگشت به بالا