Microsoft Windows 10 Sicherheitsupdates  Image © MicrosoftMicrosoft Windows 10 Sicherheitsupdates (Image © Microsoft)

AI-powered bug hunting leads to record numbers

The increase is attributable to the use of Mdash, an AI system introduced in May to identify software bugs. The tool has significantly accelerated the detection process. As a result, Microsoft has already fixed 1,380 security vulnerabilities in 2026—a figure that surpasses all previous calendar years.

Distribution of Security Patches

Windows took center stage with 416 individual patches. Office 2016 and general Office versions followed with 82 patches each. Additional updates were distributed across Microsoft Edge (46), developer tools (27), SharePoint Server (17), and Azure (11). The total number of resolved issues rises to 1,050 when the 428 patches from the Chromium project are included.

High-Risk Vulnerabilities and Active Exploits

Some of these vulnerabilities are particularly dangerous. Two of them are already being exploited in the wild. These include CVE-2026-56155, which affects Active Directory Federation Services, and CVE-2026-56164, which affects SharePoint Server. Both allow for unauthorized privilege escalation.

Attackers also have access to a publicly available exploit for CVE-2026-50661, a vulnerability found in BitLocker. Additional critical security vulnerabilities have been identified in various services. These include vulnerabilities in the Windows RDP component (CVE-2026-56190), in DHCP servers (CVE-2026-50518), and in Exchange Server (CVE-2026-55008). Additional critical issues were found in SharePoint under the identifiers CVE-2026-50522 and CVE-2026-58644. To secure these systems, it is necessary to install the July updates immediately.