Patch Tuesday roundup: Microsoft fixes a monthly record 569 holes; SAP patches a critical memory corruption bug

Summary

Microsoft has released a record-breaking 569 patches this month, with 59 rated as critical, and is advising customers to accelerate their patching schedules. This surge is attributed to improved vulnerability discovery tools, including AI models, which are expected to lead to over 3,000 CVEs by year-end. SAP also released 20 patches, including one critical memory corruption vulnerability.

IFF Assessment

FOE

The article details a record number of vulnerabilities and critical patches from Microsoft, indicating an increased threat landscape that defenders must actively manage.

Severity

9.9 Critical

The SAP vulnerability is described as a critical memory corruption bug with a CVSS score of 9.9, indicating a high severity and significant impact if exploited.

CISA KEV: Listed as actively exploited. Federal patch due: July 04, 2026. Known ransomware use: Unknown.

Defender Context

Defenders must prioritize patching efforts, especially for critical vulnerabilities like those disclosed in this Patch Tuesday roundup. The increasing volume of patches, driven partly by AI, highlights the need for efficient vulnerability management and a proactive security posture to mitigate widespread exploitation risks.

Read Full Story →