Microsoft just set a record no one wanted to see broken. The July Patch Tuesday update pushed out fixes for a staggering 570 Windows security vulnerabilities — the highest number ever patched in a single month — and buried inside that massive release are three zero-day flaws, two of which attackers had already been actively exploiting before Microsoft could issue a fix.
Summary
Key takeaways
- Microsoft patched 570 Windows security bugs in July, the most ever in a single Patch Tuesday cycle.
- Three zero-day vulnerabilities were included; two were already exploited in the wild, targeting Active Directory and Microsoft SharePoint.
- A publicly disclosed zero-day affects BitLocker encryption, allowing physical access attacks that can bypass drive protection.
- Microsoft’s AI-powered tool MDASH is driving faster vulnerability detection, with more frequent updates expected as a result.
- The update also brings usability improvements to Windows Widgets, File Explorer, Bluetooth, and printer setup, plus a new option to pause updates until a specific date.
Microsoft’s Record-Breaking July Security Patch
The scale of this update is genuinely unprecedented. Previous Patch Tuesday cycles already trended heavy — Microsoft fixed 206 bugs in June and 164 in April — but July’s figure of 570 doesn’t just break the record, it obliterates it. For anyone managing a fleet of Windows machines, this is not a release to defer.
Of those 570 fixes, 61 vulnerabilities were rated critical. That alone would make this a serious update. The three zero-days sitting on top of that number push it into territory that demands immediate attention from both individual users and enterprise IT teams.
The AI Engine Behind the Numbers
The leap from 206 to 570 isn’t random. Microsoft has been deploying an internal tool called MDASH — described as a “multi-model agentic scanning harness” — that uses AI to identify genuine Windows vulnerabilities, cut down on false positives, and get results to engineers faster. The goal is straightforward: shrink the window during which attackers can exploit a flaw before a patch arrives.
Patch management provider Action1 noted that Microsoft has already warned organizations to expect security updates to become more frequent as AI expands its role in uncovering vulnerabilities. Human engineers still make the final call on validation and release, but the pipeline feeding them findings is now significantly faster.
That framing matters. A higher patch count isn’t necessarily a sign that Windows has become less secure — it may mean Microsoft is simply finding and fixing problems at a pace that wasn’t possible before. The uncomfortable flip side is that IT departments now face a more relentless update cadence with no clear ceiling in sight.
Critical Zero-Day Flaws and Their Impact
Two of the three zero-days were already being actively exploited before this patch dropped, making them the most urgent items in the entire release.
Exploited Zero-Days in Active Directory and SharePoint
The two in-the-wild exploits hit Microsoft Active Directory and Microsoft SharePoint — both core components of enterprise infrastructure. Active Directory is the backbone of identity and access management in most organizations; SharePoint is deeply embedded in document management and collaboration workflows. Attacks on either can cascade quickly across an organization’s systems, which is why Action1 flagged these as having greater impact for businesses specifically.
Details on the exact exploitation methods haven’t been fully disclosed, which is standard practice to avoid handing a roadmap to additional attackers. But the fact that exploitation was already underway before the patch means some organizations were running exposed for an unknown period.
Publicly Disclosed BitLocker Encryption Vulnerability
The third zero-day is different in nature but no less serious. It targets BitLocker encryption, the feature Windows uses to protect data on encrypted drives. Unlike the other two flaws, this one requires physical access to the machine — but that requirement shouldn’t be read as a reason for complacency.
Someone with hands-on access to a device can use this vulnerability to bypass BitLocker and read the contents of an encrypted system drive, including personal files and corporate data. Action1 put it plainly: “Although the attack requires physical access, the potential exposure of sensitive corporate or personal information makes this a significant security concern, particularly for lost, stolen, or unattended devices.” The firm also pointed out that systems deployed in remote locations or shared environments face elevated exposure.
For enterprises that issue laptops to field workers, or organizations that handle sensitive data on portable devices, this flaw has real-world implications that go beyond a lab-based threat scenario.
Enhancements and New Features in the July Update
Security dominates the conversation, but this release also ships a meaningful set of quality-of-life improvements that have nothing to do with vulnerabilities.
Windows Widgets and File Explorer Get Refinements
Windows Widgets has been a source of user frustration since its introduction — partly for its content, partly because hovering over the taskbar icon would accidentally open it. That default behavior changes with this update: the Widgets screen no longer pops up on hover, and the tool now opens to the dashboard rather than Microsoft’s Discover page. Default settings are also easier to adjust.
File Explorer gets a performance pass as well. Virtual drive mounting should be faster and more responsive, address bar suggestions more reliable, and the address bar itself now handles folder and filename paths containing double backslashes and quotation marks — a small but useful fix for anyone who regularly navigates network paths.
Bluetooth and Printer Setup Improvements
Bluetooth reliability in Windows has long been inconsistent. The July update targets connection speed and stability, with specific improvements for Apple AirPods pairing times and microphone reliability on Beats Studio Pro headphones.
Printer setup gets a structural fix: new third-party printer installations will now default to the Internet Printing Protocol and Windows Ready Print, aiming to reduce the friction that has made adding a printer one of the more reliably annoying Windows experiences.
Pause Updates Until a Specific Date
One genuinely useful addition for users who need more control over their update timing: Windows updates can now be paused until a specific date, rather than just a general period like one week. The option appears on the Windows Update screen next to “Pause updates” as a date picker. It’s a small change, but it gives IT administrators and individual users a cleaner way to schedule around critical deployments — as long as they remember to resume.
FAQ
What record did Microsoft set with the July Patch Tuesday update?
Microsoft patched 570 Windows security bugs in July, the highest number ever fixed in a single Patch Tuesday release, surpassing the previous high of 206 bugs fixed in June.
Which zero-day vulnerabilities were included in the July update and why are they significant?
The update includes three zero-day vulnerabilities. Two were already actively exploited in the wild and affect Active Directory and Microsoft SharePoint, making them especially dangerous for enterprise environments. The third was publicly disclosed and targets BitLocker encryption, meaning attackers were already aware of it before a fix was available.
How does the BitLocker vulnerability affect user security?
The BitLocker flaw allows someone with physical access to a Windows device to bypass its drive encryption and access the contents of the system drive. This poses a real risk for lost, stolen, or unattended devices that may contain sensitive personal or corporate data.
What role does AI play in Microsoft’s vulnerability detection and patching process?
Microsoft uses an AI-powered internal tool called MDASH to scan for vulnerabilities faster, reduce false positives, and deliver findings to engineers more quickly. This is widely credited with the sharp increase in monthly patch counts and is expected to make security updates more frequent going forward.
Article produced with the assistance of artificial intelligence and reviewed by the editorial team.

