Microsoft Releases July 2026 Patch Tuesday Updates to Fix 622 Vulnerabilities, Including Two Actively Exploited Zero-Days

Views: 65 views

393/69 Friday, July 17, 2026

Microsoft has released its July 2026 Patch Tuesday updates to fix 622 vulnerabilities across multiple products, including Windows, Microsoft Office, SharePoint Server, SQL Server, Azure, and developer tools. Microsoft stated that the increase in the number of vulnerabilities is partly due to the use of artificial intelligence systems to help identify software flaws. This update includes three zero-day vulnerabilities that require attention, two of which have been confirmed as actively exploited in attacks.

The key zero-day vulnerabilities include CVE-2026-56155 in Active Directory Federation Services (AD FS), which could allow a low-privileged attacker with internal system access to escalate privileges on a server. CVE-2026-56164 in Microsoft SharePoint Server is an authentication control flaw that could allow unauthenticated attackers to conduct network-based attacks and elevate privileges on affected systems. CVE-2026-50661 in BitLocker was publicly disclosed before a patch was released and could allow an attacker with physical access to a device to bypass BitLocker protection mechanisms and access encrypted data.

Administrators should urgently install patches for AD FS and SharePoint Server, as related vulnerabilities have been confirmed as actively exploited in attacks. They should also update Windows systems and other Microsoft products to the latest versions, review historical event logs for signs of privilege escalation or abnormal system access, especially on systems exposed to the internet, and take steps to reduce the risk of exploitation.

Source: https://hackread.com/microsoft-july-2026-patch-tuesday-fixes-zero-days/