Microsoft's July Patch Tuesday shipped fixes for 622 CVEs across its product line - a new record that more than triples the previous high of 206.
The bulk of the fixes, over 500, target Windows specifically. Among them is a patch for a zero-day in Windows BitLocker, potentially tied to exploits surfaced by security researcher Nightmare-Eclipse earlier this year. The cumulative update for Windows 11, KB5101650, also kills a storage bug in the Capability Access Manager where a single database write-ahead log file could balloon to 500 GB - poor timing given current SSD pricing pressure. The update additionally promotes an Insider feature to general availability: users can now defer updates for up to 35 days, with reports suggesting the pause-unpause cycle can be repeated indefinitely.
The record count is being attributed at least partly to Microsoft's earlier bet on AI-assisted vulnerability detection. If that attribution holds, it marks a concrete payoff for the initiative - and raises an awkward implication: the same codebases have apparently been sitting on hundreds of patchable flaws all along.
The fine print: Microsoft warns that KB5101650 may not reach a subset of Dell devices running Intel processors, citing a compatibility issue that can cause unexpected shutdowns, overheating, and battery drain. A fix is promised in the coming days - which is not the sentence you want attached to a security update.