569 Patches in One Month: Microsoft Just Broke Every Record on the Books

AI tools are finding software flaws faster than any human team ever could. The result is a single monthly update that dwarfs every full year of fixes from the past two decades.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial overhead shot of a darkened security operations center desk, multiple monitors glowing blue with abstract vulnerability dashboards and
Share

Key points

  • Microsoft released patches for 569 security flaws in July 2025, the largest single Patch Tuesday release ever recorded, with 59 rated as the most severe possible.
  • Three of those flaws are zero-days, meaning software weaknesses that were either already being actively attacked or had details made public before a fix existed.
  • Two actively exploited flaws sit inside Active Directory Federation Services and SharePoint Server, both tools that large organisations use to control who can log in and access company files.
  • SAP also released patches this month, including one rated 9.9 out of 10 on the severity scale, covering its NetWeaver Application Server software used widely in corporate finance and HR systems.
  • Security researchers at Tenable predict Microsoft will patch more than 3,000 vulnerabilities by the end of 2025, surpassing the previous full-year record of 1,245 set in 2020.

Let me be plain about what happened this month. Microsoft pushed out 569 security fixes in a single Tuesday update. That number, reported by Tenable senior researcher Satnam Narang and covered by CSO Online, is not just a monthly record. It beats every full-year total from the last twenty years, combined with July's numbers alone pushing the 2025 count past any prior annual figure.

Why so many at once? AI.

Security researchers now use artificial intelligence tools, essentially software trained to think like a hacker, to scan code and find weak spots. These tools work at machine speed. They find flaws in hours that would have taken a human team months. Microsoft said as much earlier this month when it told customers to expect higher patch volumes going forward.

The failure mode here is obvious. Patching teams are already stretched. Tripling the monthly workload does not triple the number of people available to fix things.

Should ordinary employees be worried right now?

Yes, in a specific and practical way. Two of this month's flaws are already being exploited by criminals in real attacks. Both involve Active Directory Federation Services (AD FS), which is the system many companies use to verify employee logins across different applications, and Microsoft SharePoint Server, a platform where teams store and share internal documents. A criminal who gets limited access to a company network can use these flaws to quietly promote themselves to full administrator, then do whatever they like.

A third flaw, CVE-2026-50661, sits in Windows BitLocker, the encryption tool that scrambles data on laptops so it cannot be read if a device is stolen. Details of this flaw are already public, which gives attackers a head start before many organisations have applied the fix.

Dustin Childs, head of threat awareness at TrendAI's Zero Day Initiative, called this the "Mother of All Releases." He drew specific attention to a 9.9-out-of-10 severity flaw in Windows VMSwitch (CVE-2026-57092), which lets attackers break out of a virtual machine, a contained computing environment meant to act as a safe sandbox, and take over the physical server beneath it. In cloud and data centre environments, that is catastrophic.

For people outside IT: if your employer uses Microsoft products and has not yet applied July's updates, the biggest practical risk is that criminals could steal login credentials or lock company systems with ransomware, which is malicious software that scrambles files until a ransom is paid.

One thing the post-mortem will say, for any organisation hit this month: the patches were available. The window between "patch released" and "actively exploited" is now measured in days, not weeks.

If you work in IT, start with the AD FS and SharePoint fixes. Everything else can queue behind those two.

Operational takeaway: The exploitability index was designed for humans reading advisories; AI does not read advisories, it just writes the exploit.

© 2026 Threat Vectr