Security/ windows · security · microsoft · patch-tuesday

Microsoft Patches a Record 622 CVEs in July Update

AI-assisted bug hunting helped Microsoft triple its previous Patch Tuesday record, though a Dell incompatibility is already causing headaches.

Microsoft's July Patch Tuesday shipped fixes for 622 CVEs across its product line - a new record that more than triples the previous high of 206.

The bulk of the fixes, over 500, target Windows specifically. Among them is a patch for a zero-day in Windows BitLocker, potentially tied to exploits surfaced by security researcher Nightmare-Eclipse earlier this year. The cumulative update for Windows 11, KB5101650, also kills a storage bug in the Capability Access Manager where a single database write-ahead log file could balloon to 500 GB - poor timing given current SSD pricing pressure. The update additionally promotes an Insider feature to general availability: users can now defer updates for up to 35 days, with reports suggesting the pause-unpause cycle can be repeated indefinitely.

The record count is being attributed at least partly to Microsoft's earlier bet on AI-assisted vulnerability detection. If that attribution holds, it marks a concrete payoff for the initiative - and raises an awkward implication: the same codebases have apparently been sitting on hundreds of patchable flaws all along.

The fine print: Microsoft warns that KB5101650 may not reach a subset of Dell devices running Intel processors, citing a compatibility issue that can cause unexpected shutdowns, overheating, and battery drain. A fix is promised in the coming days - which is not the sentence you want attached to a security update.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →