Microsoft Patches Record 622 Flaws as AI Tools Put 2026 on Pace for 2,000-Plus CVEs
Updated
Updated · CyberScoop · Jul 14
Microsoft Patches Record 622 Flaws as AI Tools Put 2026 on Pace for 2,000-Plus CVEs
3 articles · Updated · CyberScoop · Jul 14
Summary
622 vulnerabilities were fixed in Microsoft’s July Patch Tuesday release, far above June’s then-record 206 and spanning Windows, Office, Edge and other products.
Microsoft said its MDASH AI scanning system is uncovering and helping patch defects faster and at greater scale, driving a surge that researchers say reflects better bug-finding rather than uniformly higher risk.
Two actively exploited zero-days were among the fixes: CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint Server, both privilege-escalation flaws.
416 Windows flaws, 82 Office flaws and 46 Edge flaws were patched, with 63 vulnerabilities rated critical—more than 1 in 10 of the total.
Researchers said Microsoft’s 2026 CVE count has already surpassed prior years at this point and could top the 2020 annual record of 1,245, potentially exceeding 2,000 or even 3,000 this year.