Tech

Microsoft Patches records 570 Windows security bugs with two zero-day exploits – update now

Lance Whitney/ZDNET

Follow ZDNET: Add us as a favorite resource on Google.


Highlights taken by ZDNET

  • Microsoft patched 570 Windows security flaws in July.
  • The errors include three zero days, two of which have been exploited.
  • The update also improves key features like File Explorer and Bluetooth.

The second Tuesday of the month marks Patch Tuesday, when Microsoft hits more security bugs in Windows. But July has a record number of bug fixes, so this is one update you’ll want to install ASAP.

Updates are available for Windows 11 25H2/24H2 and 23H2, as well as Windows 10 (assuming you’re enrolled in the free Extended Security Update program). I have a few virtual machines running Windows 10, which I keep patched with ESU.

As always, July’s Patch Tuesday updates are mandatory, meaning they download and install automatically. All you need to do is restart your PC for the update to take effect.

Also: Windows Search just got a quick, clean fix — how to try it today

To manually check Windows 11, go to Settings and select Windows Update. In Windows 10, go to Settings, select Update & Security, and click Windows Update. You should see the new update pending reboot. If not, click the “Check for updates” button to download and install them.

Now for the details.

What’s included in July Patch Tuesday?

In July, Microsoft patched 570 major Windows security flaws, the most ever seen in a single month. This is better than the previous records when the company picked up 206 bugs in June and 164 in April. Why is the trend growing? Thank you AI.

Microsoft uses an internal “multi-agent scanning harness”, called MDASH. This AI-powered tool tries to identify real Windows vulnerabilities, reduce false positives, and deliver results to developers as quickly as possible. Overall, this reduces the amount of time that attackers can exploit zero-day flaws.

“Microsoft warned that organizations should expect security updates to become more frequent as the company expands its use of AI to uncover vulnerabilities and accelerate patch development, while continuing to rely on human developers for final verification and release decisions,” patch management provider Action1 posted about the latest update.

Among the vulnerabilities eliminated this month, three were zero days, according to Action1. Two of them have already been exploited in an attack, and the third was made public, meaning attackers could use it. Two vulnerabilities that have already been exploited include one that affects Microsoft’s Active Directory and one that focuses on Microsoft SharePoint, making them highly impactful for organizations.

Also: Windows questions? How Copilot can analyze your PC settings now

But the publicly disclosed flaw targeted Microsoft’s BitLocker encryption feature, making it a concern for both individual and business users. Here, someone with physical access to the computer can bypass BitLocker security to access the encrypted system drive and view your personal files.

“Although an attack requires physical access, the potential exposure of sensitive business or personal information makes this a major security concern, especially for lost, stolen, or unattended devices,” Action1 said. “Systems deployed in remote or shared environments may be more vulnerable.”

Important update

Combine three zero-days and 61 vulnerabilities rated critical, and this is an important update you’ll want to install; at least, most of you will.

Microsoft has stopped updating certain Dell computers due to incompatibility issues. In an announcement in its support thread, the company explained the snafu as follows:

“This update may not be available for a limited number of Dell devices with Intel processors due to an incompatibility reported by Dell that may cause unexpected shutdowns, poor performance, overheating, and battery drain. We are working with Dell to prevent affected models from experiencing the problem and plan to release a solution for affected devices in the coming days.”

If not, there’s more here than just a security fix. The July update also improves several important Windows features.

The widgets app has been a controversial feature, not just because of its content, but because of the simple way you can launch it by hovering over the taskbar icon. With the July update, the widgets screen no longer opens automatically when you hover over an icon. The tool now opens on the dashboard instead of the Microsoft Discover page. Also, you can easily change any of the default settings.

Also: New to Microsoft Windows 11’s recovery tool is the last undo button – a way to enable it

File Explorer should now load faster and be more responsive when mounting a virtual drive. Suggestions from the address bar should be more reliable, and the address bar itself now supports folder and file name paths that include double backslashes and quotation marks, allowing you to access different locations.

Bluetooth can be a problem for Windows. The latest update promises to improve the speed and reliability of connecting to Bluetooth devices. Apple’s AirPods will pop up quickly when you try to pair them, while the microphone on the Beats Studio Pro headphones aims to be more reliable.

Setting up and using a printer is often another hot task in Windows. Now, new third-party printer installations will use Internet Printing Protocol and Windows Ready Print by default. This is intended to simplify setup and improve the reliability of adding a printer.

Also: You can quickly restore Windows 11 from scratch even if it can’t boot – here’s how

As one piece of icing on the cake, you can now pause Windows updates until a specific date instead of just a regular time, like one week. To try this, go to the Windows Update screen and select the check box next to Pause updates. Then select the date you want to resume updates. But remember to restart the updates at some point, especially if you have important ones waiting to be installed.



Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button