Back to Feed
VulnerabilitiesJul 14, 2026

Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review

Microsoft and Adobe release July 2026 security updates addressing hundreds of vulnerabilities, including three

Summary

Microsoft's July 2026 Patch Tuesday addresses 570 vulnerabilities, including 57 critical and 468 in Edge/Chromium. Three zero-day vulnerabilities were patched, with two already exploited in attacks. Adobe also released 12 advisories for 89 vulnerabilities, 63 of which are critical, across various products like Animate and ColdFusion.

Full text

Table of ContentsMicrosoft Patch Tuesday forJuly2026Adobe Patch for July 2026Zero-day Vulnerabilities Patched inJulyPatch Tuesday EditionCritical Severity Vulnerabilities Patched inJulyPatch Tuesday EditionOther Microsoft Vulnerability HighlightsMicrosoft Release SummaryQualys Monthly Webinar Series Microsoft’s July 2026 Patch Tuesday delivers security updates for a broad range of products and services, including several vulnerabilities that pose significant risks to enterprise environments. As attackers continue to target unpatched systems, the timely deployment of these updates remains one of the most effective defenses against exploitation. This blog provides an overview of the month’s key security fixes, highlights the most critical vulnerabilities, and offers guidance for prioritizing patch deployment. Microsoft Patch Tuesday for July 2026 This month’s release addresses a whopping 570 vulnerabilities, including 57 critical and 510 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed three zero-day vulnerabilities, with two exploited in attacks and one publicly disclosed. There were also a massive 468 vulnerabilities in Microsoft Edge/Chromium this month. Of the 468 Edge CVEs, 360 were issued by the Chrome CNA (upstream Chromium fixes rolled into Edge), and the rest are Microsoft-issued CVEs for the Microsoft Edge (Chromium-based) and Microsoft Edge for Android products. Microsoft Patch Tuesday, July edition, includes updates for vulnerabilities in Windows Media, Windows HTTP.sys, Windows Hyper-V, Windows NTFS, Windows BitLocker, Windows Bluetooth Port Driver, Windows Bluetooth Service, Microsoft Copilot, Microsoft Defender, Microsoft Exchange Server, and more. This month’s release includes fixes for several high-severity issues that could potentially enable remote code execution, privilege escalation, or denial-of-service attacks. As always, timely patch deployment is crucial to reduce exposure and ensure systems remain resilient against exploitation attempts. The July 2026 Microsoft vulnerabilities are classified as follows: Vulnerability Category Quantity Severities Spoofing Vulnerability 16 Critical: 1Important: 15 Denial of Service Vulnerability 35 Important: 35 Elevation of Privilege Vulnerability 254 Critical: 7Important: 247 Information Disclosure Vulnerability 102 Important: 102 Remote Code Execution Vulnerability 145 Critical: 48Important: 97 Security Feature Bypass Vulnerability 17 Critical: 1Important: 16 Adobe Patch for July 2026 Adobe has released 12 security advisories addressing 89 vulnerabilities across Adobe Animate, Adobe ColdFusion, Adobe Bridge, Content Credentials SDK, Adobe Illustrator, Adobe After Effects, Adobe Creative Cloud Desktop Application, Adobe Premiere Pro, Adobe Experience Manager, Adobe Commerce, Adobe Media Encoder, and Adobe Audition. 63 of these vulnerabilities are rated critical. Successful exploitation of these vulnerabilities may lead to privilege escalation, Security feature bypass, arbitrary file system read, application denial-of-service, and arbitrary code execution. Zero-day Vulnerabilities Patched in July Patch Tuesday Edition CVE-2026-50661: Windows BitLocker Security Feature Bypass Vulnerability A protection mechanism failure in Windows BitLocker may allow an unauthenticated attacker to bypass a security feature with a physical attack. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device to gain access to encrypted data. CVE-2026-56155: Active Directory Federation Services Elevation of Privilege Vulnerability Insufficient granularity of access control in Active Directory Federation Services (AD FS) could allow an authenticated attacker to elevate privileges locally. Successful exploitation of the vulnerability may allow an attacker to gain administrator privileges. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before July 28, 2026. CVE-2026-56164: Microsoft SharePoint Server Elevation of Privilege Vulnerability Missing authentication for a critical function in Microsoft Office SharePoint could allow an unauthenticated attacker to elevate privileges over a network. Microsoft mentioned in the advisory that enabling the Antimalware Scan Interface (AMSI) on the server and setting the Request Body Scan mode to Full can help mitigate this flaw. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before July 17, 2026. Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition CVE-2026-48561: Microsoft Copilot for Android (Edge) Remote Code Execution Vulnerability A command injection flaw in Microsoft Copilot may allow an unauthenticated attacker to execute code over a network. CVE-2026-55944: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability Deserialization of untrusted data in Microsoft Dynamics NAV may allow an unauthenticated attacker to execute code over a network. An attacker could exploit the vulnerability by sending a specially crafted login request to an affected Dynamics NAV or Business Central server. CVE-2026-55045: Microsoft Office Remote Code Execution Vulnerability An out-of-bounds read flaw in Microsoft Office allows an unauthenticated attacker to execute code locally. CVE-2026-42982: Windows Secure Kernel Mode Elevation of Privilege Vulnerability Improper validation of input consistency in Windows Secure Kernel Mode may allow an authenticated attacker to elevate privileges locally. CVE-2026-56188: Windows Server Network driver Remote Code Execution Vulnerability A race condition flaw in the Windows Server Network driver may allow an unauthenticated attacker to execute code over a network. CVE-2026-49164: Windows Active Directory Domain Services Remote Code Execution Vulnerability A heap-based buffer overflow flaw in Active Directory Domain Services may allow an unauthenticated attacker to execute code over a network. CVE-2026-54992: Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability A heap-based buffer overflow flaw in Windows Message Queuing Queue Manager may allow an unauthenticated attacker to execute code locally. CVE-2026-54982: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability An integer underflow flaw in the Reliable Multicast Transport Driver (RMCAST) may allow an unauthenticated attacker to execute code over an adjacent network. CVE-2026-54999: Windows TCP/IP Remote Code Execution Vulnerability A race condition flaw in Windows TCP/IP may allow an unauthenticated attacker to execute code over an adjacent network. CVE-2026-54995: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability A use-after-free in the Reliable Multicast Transport Driver (RMCAST) may allow an unauthenticated attacker to execute code over a network. CVE-2026-55008: Microsoft Exchange Server Spoofing Vulnerability A cross-site scripting flaw in Microsoft Exchange Server may allow an unauthenticated attacker to perform network spoofing. CVE-2026-55011: Microsoft Defender Remote Code Execution Vulnerability An integer underflow flaw in Microsoft Defender may allow an unauthenticated attacker to execute code locally. CVE-2026-55012: Microsoft Defender Remote Code Execution Vulnerability An integer overflow flaw in Microsoft Defender may allow an unauthenticated attacker to execute code locally. CVE-2026-54117 & CVE-2026-54118: Microsoft SQL Server Remote Code Execution Vulnerability A deserialization of untrusted data flaw in SQL Server may allow an authenticated attacker to execute code over a network. CVE-2026-50694: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability A use-after-free flaw in Windows Secure Socket Tunneling Protocol may allow an unauthenticated attacker to execute code over a network. CVE-2026-54127: Windows Hyper-V

Indicators of Compromise

  • cve — CVE-2026-50661
  • cve — CVE-2026-56155

Entities

Microsoft (vendor)Adobe (vendor)Microsoft Edge (product)Windows BitLocker (product)Active Directory Federation Services (product)