July 16, 2026

I've been doing this for a while, and 570 vulnerabilities in a single Patch Tuesday is a lot. A typical month runs somewhere between 60 and 120. July's number is roughly five times that. When Microsoft ships a number that size, it usually means the security team has been working through a backlog, some of which may have been quietly known by attackers before the fix was even released.
For a small business owner, the number itself isn't the point. The point is that unpatched Windows machines right now carry real exposure, and the window between Microsoft publishing a patch and someone weaponizing the vulnerability against it keeps getting shorter.
Some of these 570 fixes cover theoretical edge cases that require a very specific setup to exploit. But a portion of them, and Microsoft flags these separately as critical or actively exploited, are the kind that a remote attacker can use without needing physical access or a password. They can get in through a browser, a network share, or a malicious file someone opened in email.
I've seen it happen to a 12-person law firm in Bergen County. No antivirus alert, no warning. Just encrypted files on Monday morning because a machine hadn't been patched in three months.
The machines most at risk are usually the ones nobody thinks about. A workstation in the back office that's always on but rarely used. A laptop that only connects to the office network once a week. A conference room PC that runs Windows 10 and hasn't rebooted in six weeks.
A lot of business owners assume Windows Update handles this automatically. It mostly does, but mostly isn't the same as reliably. Updates get deferred when users click "remind me later." Laptops miss patch windows because they're closed when the update runs. Machines on metered connections skip updates entirely. And Windows 10 end-of-life is coming in October 2025, which adds a whole separate layer of urgency for anyone still running it.
If you have more than five or six Windows machines, you really need a way to see patch status across all of them, not just assume it's fine. Tools like Microsoft Intune or Windows Update for Business give IT teams a central view of what's patched and what isn't. Without that visibility, you're essentially flying blind.
If you have an IT person in-house, the immediate ask is simple: pull a patch compliance report. You want to know which machines have applied the July update and which haven't. Any machine that's more than two weeks behind on patches should be treated as a priority, not a backlog item.
If you're managing this yourself, go into Windows Update on each machine and force a check for updates. Reboot anything that's pending a restart. I know reboots are annoying. They're less annoying than explaining to clients why their data was compromised.
For businesses running Microsoft 365, make sure your Intune settings aren't set to defer updates indefinitely. The default deferral settings in some configurations push updates back 30 days, which means you're a month behind on a patch cycle that matters.
This is a good moment to take stock of which machines in your office are still running Windows 10. After October 14, 2025, those machines stop receiving security patches entirely. Any vulnerability discovered after that date goes unfixed forever on a Windows 10 machine unless you pay for Microsoft's Extended Security Updates program, which costs money and only buys you time anyway.
If you haven't started planning upgrades, start now. Hardware that can't run Windows 11 needs to be replaced. That takes budget and lead time, and Q4 tends to get busy fast.
Patch management sounds boring until it isn't. Getting a handle on it now, before something breaks, is genuinely the easier path. If you want someone to take a look at where your patch compliance actually stands, Exine works with NJ businesses on exactly this kind of thing.