Back to Feed
VulnerabilitiesJul 15, 2026

Microsoft’s July 2026 Patch Tuesday fixes 622 flaws and 2 exploited zero-days

Microsoft July 2026 Patch Tuesday addresses 622 CVEs, including two exploited zero-days.

Summary

Microsoft's July 2026 Patch Tuesday update is its largest to date, fixing 622 vulnerabilities across its product suite. Three critical issues require immediate attention: two actively exploited flaws in Active Directory Federation Services (AD FS) and SharePoint Server, and a publicly disclosed BitLocker bypass. Microsoft attributes its increased vulnerability discovery rate to AI-assisted research.

Full text

Security MicrosoftMicrosoft’s July 2026 Patch Tuesday fixes 622 flaws and 2 exploited zero-days Microsoft’s July 2026 Patch Tuesday fixes 622 CVEs, including exploited AD FS and SharePoint flaws, plus the disclosed BitLocker bypass requiring urgent action. byWaqasJuly 15, 20263 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening Microsoft has released its largest Patch Tuesday update to date, publishing fixes for 622 CVEs in July 2026. The total is more than three times the roughly 200 vulnerabilities addressed in June and includes vulnerabilities affecting Windows, Office, SharePoint Server, SQL Server, Azure products and development tools. Days before the update, Microsoft said artificial intelligence (AI) was helping its researchers inspect more code and identify vulnerabilities faster. The company also told customers to expect more fixes in each security release as its AI-assisted research produces additional confirmed findings. Behind that announcement is Microsoft’s multi-model agentic scanning harness, known as MDASH. The system uses several AI models, including third-party vulnerability research models, to inspect critical Windows binaries and test suspected bugs. Engineers then assess confirmed findings and review the fixes before release. Microsoft said human specialists remain responsible for evaluating results and approving code changes. Even with 622 fixes to process, three vulnerabilities require early attention because they were exploited or publicly known before patches became available. Microsoft confirmed attacks involving Active Directory Federation Services and SharePoint Server, while information about a separate BitLocker bypass was already public. Organizations using AD FS have a direct reason to move quickly on CVE-2026-56155. The 7.8-rated vulnerability allows an authorized attacker with local access and limited privileges to obtain greater control of an affected server. AD FS handles federated authentication and issues login tokens trusted by connected services, making compromise of that server especially serious. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog. On-premises SharePoint servers require the same urgency due to CVE-2026-56164. An unauthorized attacker can exploit the missing authentication control remotely, without user interaction, to gain additional privileges. The vulnerability affects SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Microsoft gave it a CVSS score of 5.3, showing how a numerical score alone can be a poor guide when attacks are already underway. BitLocker users face a different attack condition with CVE-2026-50661. A 6.1-rated protection failure could allow an unauthorized person with physical access to bypass BitLocker and access encrypted information stored on a device. Microsoft has not reported active exploitation, but the vulnerability was publicly disclosed before the patch arrived. The full list of Microsoft’s July 2026 Security Update Guide is available here. Shane Barney, Chief Information Security Officer at Keeper Security, said patch programs designed around a manageable monthly queue cannot process hundreds of fixes quickly without risk-based prioritization. He advised organizations to consider known exploitation, internet exposure, asset purpose and business impact alongside CVSS scores. A moderate vulnerability on an exposed authentication or collaboration server may require faster action than a critical bug on an isolated system. During patch testing and deployment, Barney recommended using Privileged Access Management controls to restrict how far a compromised account can proceed. Least-privilege policies, controlled administrator sessions and just-in-time access can limit lateral movement and unauthorized privilege gains while vulnerable systems await updates. July’s release puts the exploited AD FS and SharePoint vulnerabilities at the front of the patching queue. The BitLocker fix warrants prompt deployment on laptops and other devices exposed to theft, loss, or untrusted physical access, while the remaining updates should be ordered according to each organization’s systems and exposure. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts 0dayAICyber AttackCybersecurityMicrosoftPatch TuesdaysecuritySharePointVulnerability Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Apple News Privacy DJI drone app can transfer sensitive data and install malicious apps DJI drone app called "DJI GO4" can have full control of the users' devices... byDeeba Ahmed Read More Security Spotify desktop app bug writes data in massive proportions on a daily basis Your desktop’s hard drive might be in danger of losing a few years of its lifespan if you… byWaqas Read More Security Malware Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government. byDeeba Ahmed Read More Security Malware Source code of Cerberus banking trojan released online for free Initially, the source code of Cerberus banking trojan - active since July 2019 - was being auctioned by one of its developers. bySudais Asif

Indicators of Compromise

  • cve — CVE-2026-56155
  • cve — CVE-2026-56164
  • cve — CVE-2026-50661

Entities

Microsoft (vendor)Active Directory Federation Services (product)SharePoint Server (product)BitLocker (product)AI (technology)