Microsoft released its largest Patch Tuesday ever on July 14, 2026, delivering fixes for a staggering 570 vulnerabilities—including two actively exploited zero-days—alongside a new Point-in-Time Restore feature designed to roll back a malfunctioning Windows 11 PC in minutes. The KB5101650 update for Windows 11 versions 24H2 and 25H2 also introduces a 35-day update pause option and a long-awaited fix for overly aggressive Widgets, but it’s the security payload that demands immediate attention.
What landed on your PC this Patch Tuesday
The July cumulative update comes in multiple flavors depending on your Windows 11 edition:
- Windows 11 25H2 receives KB5101650, moving to OS build 26200.8870.
- Windows 11 24H2 gets the same KB5101650, advancing to build 26100.8875.
- Windows 11 26H1 (primarily on newer Qualcomm Snapdragon Arm devices) takes KB5101649, landing at build 28000.2525.
- Windows 11 23H2 Enterprise/Education ships KB5099414, build 22631.7376.
The star addition for mainstream users is Point-in-Time Restore. When your PC misbehaves after a driver install, configuration change, or a bad app update, you can now revert the entire system—including applications, settings, and personal files—back to a recent automatic checkpoint. Microsoft says it’s faster and more comprehensive than the old System Restore, and it’s part of a broader push toward automated recovery tools like Quick Machine Recovery.
Then there’s the 35-day update pause. You can now hit the brakes on Windows updates for over a month straight from Settings, and then pause again after resuming. That’s a notable jump from the previous 7-day limit and gives both home users and small shops more breathing room to watch for issues before letting a monthly patch through.
Widgets got some long-overdue tuning. They’ll no longer pop open when your mouse hovers over the taskbar icon, and badge notifications are dialed back. Microsoft also shrank the Widgets panel’s memory footprint, especially on systems with limited RAM. These changes won’t thrill anyone who actively uses Widgets, but they’ll make the feature far less annoying for everyone else.
Accessibility sees meaningful upgrades: a Screen tint overlay to reduce eye strain, new preset zoom increments and an exact-zoom box in Magnifier, and voice access/typing in French, German, and Spanish. Bluetooth fixes aim to speed up AirPods pairing, improve microphone reliability on Beats Studio Pro, and shave seconds off reconnection after waking your PC from sleep. A new adjustable right-click zone for touchpads lands under Settings, and the emoji panel now pulls GIFs from GIPHY after Google’s Tenor API was deprecated.
All this is packaged with the month’s security fixes. BleepingComputer tallied 570 vulnerabilities across Microsoft products, while Tenable counted 569—a discrepancy owing to classification differences rather than a smaller actual load. Of those, 59 are rated Critical, including 48 remote-code-execution bugs. Three zero-days made the list: CVE-2026-56155 (Active Directory Federation Services elevation of privilege), CVE-2026-56164 (SharePoint Server elevation of privilege), and CVE-2026-50661 (a BitLocker security-feature bypass). The first two were already being exploited in the wild before the patches shipped.
What this means for you—and your network
If you’re a home user, KB5101650 is a no-brainer. The security stakes alone make installing it urgent. Once patched, explore Point-in-Time Restore: you’ll find options to create a restore point or roll back under System > Recovery. It’s worth enabling the feature on your main PC, but remember that it’s not a substitute for regular backups. Test the 35-day pause if you like, but don’t leave it paused indefinitely when there are active exploits in the wild.
If you manage endpoints at work, your first job is validation. Point-in-Time Restore touches user data and applications in ways that System Restore didn’t. Before you roll it out as a help-desk staple, test it on a representative set of devices. Check how it behaves with BitLocker, VPN clients, endpoint detection agents, database apps, and any software that syncs state to the cloud (OneDrive Known Folder Move, for example). You don’t want a restore that breaks more than it fixes.
The 35-day pause is useful, but July’s update contains patches for zero-days that are under attack. Delaying deployment purely to avoid change carries more risk than usual. Instead, use your deployment rings to validate quickly and then accelerate rollout. Separate testing delay from indefinite postponement.
The update also includes a network hardening change that enforces Transport Driver Interface (TDI) registration requirements. Applications that use sockets over unregistered third-party TDI transports may stop working after you install this month’s patches. If your environment still runs older VPN software, network filters, or legacy security tools, test them immediately. Microsoft currently lists no known issues, but that doesn’t guarantee your custom integrations will survive untouched.
How we got here: the relentless rise of Patch Tuesday
Microsoft has been warning for months that its security disclosure numbers would climb. The introduction of the Multi-model Agentic Scanning Harness (MDASH) inside the company has supercharged vulnerability discovery. July’s 570-fix dump isn’t a fluke; it’s the new normal. The last several Patch Tuesdays have set consecutive records, and we should expect similarly massive releases as long as MDASH keeps finding bugs.
Point-in-Time Restore is part of a larger recovery story that Microsoft has been stitching together since early 2025. Quick Machine Recovery already lets Windows automatically fix startup failures, and the Windows Recovery Environment gained the ability to pull fixes from Windows Update without booting fully. Point-in-Time Restore adds the missing piece: a user-initiated “undo” that goes beyond drivers and registry keys. It’s a direct answer to the steady drumbeat of user frustration over botched updates and careless driver installs.
The version fragmentation in this release—four different Windows 11 builds getting separate patches—reflects Microsoft’s current servicing reality. Windows 11 24H2 Home and Pro editions hit end of support on October 13, 2026, just three months after this update. If you’re still on 24H2, the clock is ticking for migration to 25H2. Meanwhile, 26H1 remains an Arm-centric branch that lags on some consumer features but leads on others like NPU info in Task Manager and multi-app camera access. The 23H2 Enterprise/Education edition hangs on until November 10, 2026, with only critical fixes and a few backend changes.
What to do this week
- Install KB5101650 now on your personal Windows 11 24H2/25H2 PC. The exploited zero-days alone justify it.
- Set a restore point after the update completes—or enable automatic checkpoints if you haven’t already. That gives you a safety net for future changes.
- If you manage corporate devices, spin up a test group. Validate Point-in-Time Restore with your full application stack and BitLocker settings. Monitor for post-restore data loss or authentication quirks.
- Audit your installed software for anything that might use unregistered TDI transports. Talk to vendors if you rely on older VPN clients or network-monitoring tools.
- Prioritize patching AD FS and SharePoint servers immediately; those zero-days don’t wait.
- Start your Windows 11 25H2 migration plan if you’re still on 24H2 Home or Pro. The October support cliff is coming fast.
- For BitLocker-protected machines, note that CVE-2026-50661 requires specific conditions for exploitation, but installing the update closes the gap. No extra configuration needed.
The bigger picture
Microsoft’s July 2026 Patch Tuesday is a turning point. It marries a ballooning security bulletin with a genuinely useful recovery tool that should reduce help-desk calls over time. But the sheer volume of fixes—and the fact that two were already weaponized—underscores a hard truth: updating Windows isn’t optional, and delaying can be more dangerous than a bad patch.
Point-in-Time Restore will roll out gradually, so not every PC will see it right after installing KB5101650. Microsoft says the feature is in a phased rollout, meaning you might need to wait a few days or toggle a setting to activate it. Once it arrives, it could become the fastest way to recover from a software disaster—but only if you’ve tested it and trust it on your hardware.
Looking ahead, we’ll watch for reports of applications broken by the TDI hardening change and for evidence that Point-in-Time Restore works reliably at scale. The next few months will also reveal whether the 35-day pause becomes a staple for cautious updaters or a trap that leaves machines exposed to threats that are patched elsewhere. In the meantime, July’s update is a download you shouldn’t ignore.