Microsoft shipped 569 CVEs this cycle. Last month set the previous all-time high at 204. This one nearly triples it.
A few things worth flagging for anyone managing remediation right now:
-
3 zero-days this month, and 2 were actively exploited before a fix was available (AD FS and SharePoint Server both had unauthenticated privilege-escalation paths in the wild)
-
56 Critical, 510 Important, 3 Moderate
-
The BigFix Patch team already has fixlets published across Windows, .NET, SQL Server, and SharePoint for this cycle
Full breakdown, including which CVEs to prioritize first and how BigFix customers are remediating same-day, is in this month's Patch Tuesday webinar.
Join the HCL BigFix Patch Tuesday Webinar on July 15, 2026, at 11:00 AM EST for expert analysis of Microsoft's latest security updates, risk prioritization guidance, and remediation recommendations.
Register here: https://www.hcl-software.com/bigfix/patch-tuesday/webinars