Microsoft patches record 622 flaws including two zero-days under attack

Microsoft's July 2026 Patch Tuesday fixes 622 CVEs including exploited SharePoint and AD FS zero-days

CSBadmin
2 Min Read

Microsoft shipped its largest Patch Tuesday on record, releasing fixes for 622 CVEs across its product ecosystem. The July 2026 update more than triples June’s previous high of around 200 flaws and includes patches for two zero-days already under active attack.

Both exploited bugs are elevation-of-privilege vulnerabilities in critical identity and collaboration infrastructure. CVE-2026-56164 affects on-premises SharePoint Server, allowing an unauthenticated attacker to escalate privileges over the network without user interaction. Microsoft credited Mandiant’s incident response team and Google’s FLARE team, indicating the flaw was discovered during active attack investigations.

The second exploited zero-day, CVE-2026-56155, resides in Active Directory Federation Services (AD FS). It lets an already-authenticated attacker escalate privileges locally through weak access controls. Microsoft’s own DART incident response unit discovered the flaw.

Neither vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog as of this writing, though Microsoft’s own exploitability rating already marks both as actively exploited. Organizations running self-hosted SharePoint or AD FS should prioritize these patches immediately. The urgency is compounded by the end of extended support for SharePoint Server 2016 and 2019 on the same day, with no paid Extended Security Updates program available.

Microsoft also addressed a third publicly disclosed zero-day, CVE-2026-50661, a BitLocker bypass requiring physical access. While less urgent than the remote bugs, it continues a troubling trend of BitLocker bypasses this year.

The massive patch count reflects the accelerating pace of vulnerability discovery, driven in part by AI-assisted security research. Enterprise IT teams face an increasingly challenging remediation landscape as the volume of critical fixes continues to grow.

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.