Microsoft Warns 2 Zero-Days Already Exploited In Attacks: Update Now
Microsoft addresses 570 security flaws in a record-breaking Patch Tuesday rollout, including two zero-days already being used in attacks. Don’t waste time; update now.
Davey Winder, Senior Contributor
Forbes
2 min read
8/10
Key Takeaways
Microsoft's July 2026 Patch Tuesday addresses a record 570 security flaws, the highest single-month total in company history.
Two zero-day vulnerabilities are already being actively exploited in real-world attacks: a Windows privilege escalation flaw and an Office remote code execution bug.
Of the 570 flaws, 12 are rated Critical, 548 Important, and 10 Moderate; the two zero-days are among the Critical-rated issues.
Microsoft has not released specific CVE identifiers or attack details but urges immediate patching with no workarounds provided.
The update also covers vulnerabilities in Azure, Dynamics 365, and other Microsoft products, making it critical for enterprise environments.
Microsoft has confirmed that two zero-day vulnerabilities are already being actively exploited in attacks, as part of a record-breaking Patch Tuesday update that addresses a staggering 570 security flaws. On July 15, 2026, Microsoft released its July Patch Tuesday update, fixing 570 vulnerabilities — the highest number ever in a single month — including two zero-days that attackers are already using in the wild. Patch Tuesday is Microsoft's monthly cycle for releasing security updates. July's update is historic in both volume and urgency. The two zero-days, tracked under undisclosed CVE identifiers for now, affect Windows and Microsoft Office products. The first is a privilege escalation flaw in Windows that could allow an attacker to gain system-level access. The second is a remote code execution vulnerability in Microsoft Office that can be triggered via a malicious document. Microsoft has not disclosed detailed attack vectors but has observed active exploitation. The 570 total flaws include 12 rated Critical, 548 rated Important, and 10 rated Moderate in severity. This record number reflects a growing trend of vulnerability discovery and disclosure, driven by increased security research and the expanding attack surface from hybrid work and cloud adoption. Security experts warn that the attack surface is expanding with hybrid work and cloud adoption. Organizations should prioritize patching, especially for the two actively exploited zero-days. Microsoft has not provided any workarounds for these vulnerabilities, making patching the only reliable defense. IT administrators should expedite updates across all systems, and individual users of Windows 10, Windows 11, and Microsoft Office should enable automatic updates to receive the patches immediately. Microsoft will release further technical details in a Security Response Center blog post. The company also reiterated its recommendation to use multi-factor authentication and least-privilege principles to reduce impact. The July update also covers vulnerabilities in Azure, Dynamics 365, and other Microsoft products. This event underscores the ongoing arms race between attackers and defenders, with zero-day exploits becoming more common. Organizations that fail to patch quickly risk data breaches, ransomware, and system compromise. The cybersecurity community is closely monitoring for additional exploitation activity. In the coming days, researchers will likely publish analyses of the zero-days, and Microsoft may release additional guidance. Users should ensure that updates are installed as soon as possible to mitigate risks.
Frequently Asked Questions
One is a privilege escalation flaw in Windows, allowing attackers to gain system-level access. The other is a remote code execution vulnerability in Microsoft Office that can be triggered via a malicious document. Both are already being actively exploited.
Microsoft fixed a record 570 security flaws in the July 2026 Patch Tuesday update. This is the highest number ever in a single monthly release, including 12 Critical, 548 Important, and 10 Moderate severity issues.
Yes, Microsoft confirmed that both zero-days are already being used in real-world attacks. The company has observed active exploitation and urges immediate patching.
The most effective protection is to install the July 2026 Patch Tuesday updates immediately via Windows Update. Enable automatic updates to ensure you receive patches promptly. Additionally, use multi-factor authentication and practice least-privilege principles.
The two zero-days affect Microsoft Windows (privilege escalation) and Microsoft Office (remote code execution). Users of Windows 10, Windows 11, and recent Office versions should apply updates as soon as possible.
Yes. Given active exploitation and no available workarounds, installing the updates is critical. Delaying increases the risk of system compromise, data breaches, or ransomware attacks.