Microsoft patches record 570 Windows security bugs with two exploited zero days - update now
Follow ZDNET: Add us as a preferred source on Google.

Follow ZDNET: Add us as a preferred source on Google.
The second Tuesday of the month marks Patch Tuesday, when Microsoft squashes a slew of security bugs in Windows. But July boasts a new record for the most bugs patched, so this is one update you'll want to install ASAP.
The updates are available for Windows 11 25H2/24H2 and 23H2 , as well as for Windows 10 (assuming you're enrolled in the free Extended Security Update program ). I have a couple of virtual machines running Windows 10, which I keep patched via the ESU.
As usual, July's Patch Tuesday updates are mandatory, which means they download and install automatically. All you need to do is reboot your PC for the update to take effect.
Also: Windows Search just got a faster, cleaner overhaul - how to try it today
To check manually in Windows 11, head to Settings and select Windows Update. In Windows 10, go to Settings, select Update & Security, and then click Windows Update. You should see the new update waiting for a reboot. If not, click the "Check for updates" button to download and install it.
For July, Microsoft patched a whopping 570 Windows security flaws, the most ever in a single month. This tops previous record-breakers in which the company squashed 206 bugs in June and 164 in April . Why the growing trend? Thank AI.
Microsoft employs its own internal " multi-model agentic scanning harness ," codenamed MDASH. This AI-powered tool tries to identify true Windows vulnerabilities, reduce false positives, and deliver the results to engineers more quickly. Overall, this reduces the amount of time during which attackers can exploit zero-day flaws.
"Microsoft has warned that organizations should expect security updates to become more frequent as the company expands its use of AI to uncover vulnerabilities and accelerate patch development, while continuing to rely on human engineers for final validation and release decisions," patch management provider Action1 said in a post on the latest update .
Among the vulnerabilities patched this month, three were zero-days, according to Action1. Two of them have already been exploited in attacks, while the third was publicly disclosed, which means that attackers could have exploited it. The two already exploited flaws include one that affects Microsoft's Active Directory and one focused on Microsoft SharePoint, making them of greater impact to organizations.
Source: ZDNet