All posts

July 2026 Windows Update — 570 Fixes and 2 Zero-Days, the Biggest Patch Tuesday Ever

4 min read
Hands on a laptop keyboard with the screen glowing blue in a home office

Microsoft shipped 570 security fixes on 14 July. Fifty-nine of them Critical. Two zero-days already being exploited in real attacks. This is the biggest single Patch Tuesday Microsoft has ever released, roughly three times the size of last month's already record-breaking update. Install it now.

570
vulnerabilities patched this month59 Critical (48 remote code execution), 2 actively exploited zero-days, and 1 publicly disclosed BitLocker bypass. The largest security update Microsoft has ever shipped in a single month.

The two zero-days

Both target business infrastructure rather than home PCs directly. But attackers who get into a company network don't stop at one machine, and these are being used in real incidents right now.

2 zero-days, actively exploited

CVE-2026-56155: Active Directory Federation Services privilege escalation. A flaw in the login system businesses use for single sign-on. An attacker with basic access can promote themselves to full admin. Microsoft's own incident response team found this while investigating a live breach.
CVE-2026-56164: SharePoint Server privilege escalation. Missing authentication on a critical function. An unauthenticated attacker can escalate privileges remotely with no user interaction. Found by Mandiant while responding to an incident. If your workplace runs SharePoint, chase this update.

Other flaws worth knowing

The Print Spooler flaw is the one most likely to affect a home PC. The rest are server and enterprise, but when 48 of your 59 Critical bugs are remote code execution, you don't wait around.

How to install

  1. Settings → Windows Update
  2. Check for updates
  3. Wait 10-30 minutes
  4. Restart when prompted, not two days later
Quick check: The Windows 11 cumulative this month is KB5101650 (24H2 and 25H2). Look in Update history to confirm it's installed.

After June's update problems

Last month's KB5094126 caused boot failures, BitLocker recovery prompts, blue screens and broken OneDrive on some PCs. HP machines had it worst. If that put you off installing updates for a while, fair enough.

This month's update fixes several of those June bugs, and Microsoft says there are no known issues with KB5101650 so far. If you skipped June, installing July should sort both months.

One more to know about: a BitLocker bypass (CVE-2026-50661) was publicly disclosed before the patch landed. It needs physical access to your machine, so it's not a remote threat. But if you carry a work laptop with sensitive data, get it updated.

Windows 10

This month's Windows 10 patch is KB5099539. Microsoft quietly extended the free Extended Security Updates programme, so you now get free patches until October 2027 instead of October 2026. That buys another year to plan your upgrade. See the Windows 10 end-of-life guide for how to enrol.

If Windows Update itself is broken

A PC that can't update is a PC with 570 unpatched holes. The usual culprits are low disk space, corrupted update files, or antivirus clashing with Defender. I've covered the fixes in my common PC problems post. If storage is the bottleneck, speeding up a slow Windows 11 PC has that covered too.

If they keep failing and you're stuck, that's bread-and-butter computer repair stuff. Get in touch and I'll sort it.

For the full technical breakdown, Bleeping Computer covers every CVE and Krebs on Security analyses which ones matter most.

Mark — Your Local Computer Guy
Mark

Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs. See reviews on Google

Updates failing or something not right?

If Windows Update is stuck, your PC is running worse since you installed, or you're not sure you're protected — get in touch and I'll sort it.

★★★★★

"I cant fault this guy. Fit me in speedily and resolved the issue. Had another issue once I got home and he did fixed that too. Would defo use again."

— Melanie Atherton, via Google