{
  "type": "article",
  "title": "A Single Windows Update Just Fixed 570 Security Flaws, Including Three Zero-Days",
  "summary": "Microsoft's July Patch Tuesday update closes a record 570 flaws, including three zero-days tied to Active Directory Federation Services, SharePoint Server and BitLocker.",
  "content": "Microsoft's Patch Tuesday update for July has fixed a record 570 flaws in Windows, the largest single batch of fixes the company has ever shipped in one update. Among them are three zero-day vulnerabilities that were either actively exploited or publicly disclosed before an official fix existed. Just a month earlier, June's update had held the title of the biggest ever, with patches for just over 200 flaws, meaning July's rollout has more than doubled that previous record. Patch Tuesday updates are typically delivered automatically to devices, but given the scale and severity of this month's fixes, users are being urged to make sure the update has actually installed as soon as possible.\n\nZero-day vulnerabilities are considered the most dangerous category of security flaw because a zero-day is one that has already been actively exploited in the wild, or publicly disclosed, before the developer has released an official patch. That gap between disclosure and a fix is exactly when attackers have the most opportunity to strike. Of the three zero-days addressed this month, two had already been actively exploited by attackers, while the third had only been publicly disclosed without any confirmed exploitation.\n\nThe First Actively Exploited Flaw Sits in Active Directory\nThe first actively exploited zero-day is tracked as CVE-2026-56155, an elevation of privilege flaw in Active Directory Federation Services. It allows an attacker to elevate their privileges locally on a compromised machine, effectively letting someone with limited access gain far greater control over the system. The flaw was discovered by Jeremy Kingston and Scott Clark, both members of Microsoft's Detection and Response Team, known as DART.\n\nThe Second Targets Microsoft SharePoint Server\nThe second actively exploited vulnerability, CVE-2026-56164, is also an elevation of privilege flaw, but this one lives in Microsoft SharePoint Server. The issue stems from a missing authentication check for what Microsoft describes as a critical function, which allows an unauthorized attacker to elevate privileges over a network without needing prior access to the system. Microsoft credits the discovery to several researchers: Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud, the FLARE OTF team, and an anonymous individual.\n\nThe Third Involves BitLocker Encryption\nThe third zero-day fixed this month was publicly disclosed, but no known exploits have been reported for it so far. Tracked as CVE-2026-50661, it is a security bypass flaw in Windows BitLocker that could let an attacker with physical access to a device obtain encrypted data. That makes it a threat not just from remote attackers, but also in scenarios where a device is lost or stolen and falls into someone else's hands. Microsoft credits an anonymous researcher with reporting this flaw.\n\nWhen the Update Arrives and How to Install It\nPatch Tuesday updates are typically released around 10 a.m. PT on the second Tuesday of every month. Most devices will download and install the update automatically, but users should still confirm it has actually landed on their machine. That can be done by going to Start, then Settings, then Windows Update, and clicking Check for Windows updates before installing whatever the latest available update turns out to be. Given that three zero-day flaws are part of this month's fixes, delaying the update carries more risk than usual.\n\nWhat this means for you\nThis news has a direct, practical effect on anyone running a Windows device.\n\n• For everyday users: Devices that haven't installed this update remain exposed to flaws that are already being actively exploited, so checking Windows Update right away matters more than usual this month.\n• For businesses and IT teams: Organizations running SharePoint Server or Active Directory Federation Services should prioritize this patch, since those are exactly the two systems where actively exploited flaws were found.\n\nQuestions & Answers\n\n1. How many flaws did Microsoft's July Patch Tuesday update fix in total?\nIt fixed a record 570 flaws, making it the largest Patch Tuesday update ever released.\n\n2. How many of those flaws were zero-days?\nThree flaws were zero-days, two of which had been actively exploited and one that had only been publicly disclosed.\n\n3. What is CVE-2026-56155 and who found it?\nIt's an elevation of privilege flaw in Active Directory Federation Services, discovered by Jeremy Kingston and Scott Clark of Microsoft's DART team.\n\n4. Which software does CVE-2026-56164 affect?\nIt affects Microsoft SharePoint Server, where a missing authentication check for a critical function lets an unauthorized attacker elevate privileges over a network.\n\n5. How dangerous is the BitLocker flaw, CVE-2026-50661?\nNo active exploitation has been reported yet, but an attacker with physical access to a device could use it to obtain encrypted data.\n\n6. How should users install the update?\nGo to Start, then Settings, then Windows Update, click Check for Windows updates, and install whatever new update appears.\n\n7. When does Patch Tuesday usually come out?\nIt's typically released around 10 a.m. PT on the second Tuesday of every month.\n\n8. What was the previous record for the largest Patch Tuesday update?\nJune's update previously held the record, fixing just over 200 flaws.",
  "url": "https://trendkia.com/en/technology/windows-yujarsa-ke-lie-chetavani-eka-hi-apadeta-men-thika-huin-rikorda-570-suraksha-khamiyan-7751",
  "category": "Technology",
  "publishedAt": "2026-07-15",
  "tags": [
    "Patch Tuesday",
    "Microsoft",
    "Windows Security",
    "Zero-day Vulnerability",
    "BitLocker",
    "SharePoint Server",
    "Cybersecurity",
    "Active Directory"
  ],
  "language": "en",
  "site": "TrendKia"
}