Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Microsoft July 2026 Patch Tuesday fixes 570 flaws, including 3 zero-days.
Summary
Microsoft's July 2026 Patch Tuesday addresses a record-breaking 570 vulnerabilities, including three zero-day flaws. Two of these zero-days were actively exploited in attacks: CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in Microsoft SharePoint Server, both leading to elevation of privilege. A third zero-day, CVE-2026-50661, a security feature bypass in Windows BitLocker, was publicly disclosed.
Full text
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days By Lawrence Abrams July 14, 2026 02:01 PM 0 Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. Patch Tuesday addresses 59 "Critical" vulnerabilities, 48 of which are remote code execution, 9 are elevation of privilege, 1 is a security bypass, and 1 is a spoofing. The approximate number of bugs in each vulnerability category is listed below: 254 Elevation of Privilege Vulnerabilities 17 Security Feature Bypass Vulnerabilities 145 Remote Code Execution Vulnerabilities 102 Information Disclosure Vulnerabilities 35 Denial of Service Vulnerabilities 16 Spoofing Vulnerabilities When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include flaws in Mariner, Azure OpenAI, Azure Synapse, M365 Copilot, Microsoft Exchange Online, Microsoft Edge for Android, and Microsoft Entra Provisioning Service that were fixed by Microsoft earlier this month. There were also a massive 468 Microsoft Edge/Chromium flaws that were fixed by Google this month, which were excluded from this Patch Tuesday roundup. As part of last month's June Patch Tuesday, Google fixed 360 flaws that were later ported to Microsoft Edge. Last week, Microsoft warned that there would be an increase in Patch Tuesday security updates as it has begun to use an AI-powered vulnerability discovery system to identify more security flaws across its Windows codebase before attackers can exploit them. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5101650 & KB5099414 cumulative updates and the Windows 10 KB5099539 extended security update. Microsoft patches 3 zero-days This month's Patch Tuesday fixes three zero-day vulnerabilities, with two exploited in attacks and one publicly disclosed. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. The two actively exploited zero-days addressed during this month's Patch Tuesday are: CVE-2026-56155 - Active Directory Federation Services Elevation of Privilege Vulnerability Microsoft has patched an actively exploited vulnerability in Active Directory Federation Services that grants administrative privileges. "Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally," warns Microsoft. Microsoft credited the flaw to Jeremy Kingston and Scott Clark of Microsoft Detection and Response Team (DART), Microsoft's incident response unit, indicating it was likely uncovered while investigating active attacks. Microsoft has not disclosed any details as to how the flaw was exploited in attacks. CVE-2026-56164 - Microsoft SharePoint Server Elevation of Privilege Vulnerability Microsoft has patched an actively exploited flaw in Microsoft SharePoint Server that allows a remote attacker to gain elevated privileges. "Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network," explains Microsoft. Microsoft says that enabling the Antimalware Scan Interface (AMSI) on the server and setting the Request Body Scan mode to Full can help mitigate this flaw. No details have been released as to how this flaw was exploited in attacks. Microsoft credited the flaw to Jayson Frost with Mandiant Incident Response, Genwei Jiang with Google Cloud, FLARE OTF, and an anonymous researcher. The publicly disclosed zero-day that was fixed is: CVE-2026-50661 - Windows BitLocker Security Feature Bypass Vulnerability Microsoft has patched a publicly disclosed Windows BitLocker bypass flaw that could allow attackers to gain access to encrypted data. "A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data," explains Microsoft. Microsoft attributed the flaw to an anonymous researcher. Recent updates from other companies Other vendors who released updates or advisories in May 2026 include: Adobe recently patched seven max-severity ColdFusion and Campaign flaws, including the ColdFusion flaw CVE-2026-48282, which was later exploited in attacks. BeyondTrust released security updates for two critical authentication bypass flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software. Cisco released security updates for numerous products, including Cisco Identity Services Engine, Catalyst Center, and ClamAV. Cisco also confirmed that CVE-2026-20230, fixed in June, was actively exploited in attacks. Fortinet released security updates for numerous flaws in FortiOS, FortiSandbox, FortiPam, FortiSandbox, FortiSASE, and FortiProxy. Gitea released a security update for a critical auth bypass in the Gitea Docker image. Ivanti released security updates for two vulnerabilities in Ivanti Xtraction. Linux kernel maintainers released a patch for the Januscape vulnerability, a flaw that allows attackers to escape a virtual machine and execute arbitrary code on the host. NVIDIA released security updates for NVIDIA Triton Inference Server and NVIDIA TensorRT-LLM. Progress Software released security updates for a high-severity path traversal zero-day vulnerability that led to the emergency shutdown of ShareFile Storage Zone Controllers last week. Ubiquiti released security updates for vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. U-Boot maintainers introduced patches to fix new flaws that could enable stealthy firmware attacks. SAP released the July security updates, which include fixes for four critical flaws in NetWeaver, Commerce Cloud, and AppRouter. VMware released security updates for VMware Avi Load Balancer, which include authentication bypasses and remote code execution flaws. Zimbra released security updates for a critical XSS vulnerability affecting the Classic Web Client in the Zimbra Collaboration suite. The July 2026 Patch Tuesday Security Updates Below is the complete list of resolved vulnerabilities in the July 2026 Patch Tuesday updates, excluding flaws fixed before today. To access the full description of each vulnerability and the systems it affects, you can view the full report here. Tag CVE ID CVE Title Severity .NET CVE-2026-50649 .NET Remote Code Execution Vulnerability Important .NET CVE-2026-50525 .NET Denial of Service Vulnerability Important .NET CVE-2026-50528 .NET Security Feature Bypass Vulnerability Important .NET CVE-2026-47302 .NET Denial of Service Vulnerability Important .NET CVE-2026-50659 .NET Spoofing Vulnerability Important .NET CVE-2026-50526 .NET Tampering Vulnerability Important .NET CVE-2026-47304 .NET Security Feature Bypass Vulnerability Important .NET CVE-2026-50651 .NET Denial of Service Vulnerability Important .NET Core CVE-2026-57108 .NET Denial of Service Vulnerability Important .NET Framework CVE-2026-50524 .NET Framework Denial of Service Vulnerability Important .NET Framework CVE-2026-50650 .NET Framework Elevation of Privilege Vulnerability Important .NET Framework CVE-2026-50527 .NET Framework Denial of Service Vulnerability Important .NET Framework CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability Important .NET Framework CVE-2026-50648 .NET Framework Denial of Service Vulnerability Important Active Directory Certificate Services (AD CS) CVE-2026-54121 Active Directory Certificate Services Elevation of Privilege Vulnerability Critical Active Directory Domain Services CVE-2026-50366 Windows Active Directory Domain Services Denial of Service Vulnerability Important Active Directory Domain Service
Indicators of Compromise
- cve — CVE-2026-56155
- cve — CVE-2026-56164
- cve — CVE-2026-50661