AntiMalwareJuly 15, 2026🇷🇺Translated from Russian

Microsoft Patches Record 570 Windows Vulnerabilities in July Update, Including Three Actively Exploited Zero-Days

Microsoft has issued its largest monthly security update yet, releasing patches for a record 570 vulnerabilities across Windows and associated products. The July Patch Tuesday rollout includes three zero-day flaws, two of which were already being actively exploited in real attacks.

Fifty-nine of the issues received a critical severity rating. Of these, 48 allow remote code execution, nine enable privilege escalation, and the remainder involve security feature bypass or data tampering. The largest category of fixes addressed privilege escalation vulnerabilities, totaling 254, followed by 145 remote code execution flaws, 102 information disclosure issues, 35 denial-of-service problems, and 16 spoofing vulnerabilities.

The first actively exploited zero-day, CVE-2026-56155, affects Active Directory Federation Services. An authenticated attacker can abuse the flaw to obtain administrative privileges. Microsoft has not yet disclosed technical details of the observed attacks.

The second zero-day, CVE-2026-56164, resides in SharePoint Server. Due to missing authentication checks, a remote attacker can elevate privileges. As a temporary mitigation, Microsoft recommends enabling AMSI and full request-body scanning.

The third zero-day, CVE-2026-50661, was already publicly known before the update. It allows an attacker with physical access to bypass BitLocker encryption and access protected data. Microsoft had previously warned that the volume of patches would increase because the company is now using AI to hunt for vulnerabilities in the Windows source code.

The update touches numerous components, including multiple versions of .NET and .NET Framework, Active Directory Certificate Services, Active Directory Domain Services, Active Directory Federation Services, Azure Active Directory, Microsoft Office and Excel, Microsoft Defender, Exchange Server, and various Azure services. A selection of the addressed CVEs includes:

  • .NET – CVE-2026-50649 (Remote Code Execution, Important), CVE-2026-50525 (Denial of Service, Important)
  • Active Directory Federation Services – CVE-2026-56155 (Elevation of Privilege, Important)
  • Microsoft Office – CVE-2026-55129, CVE-2026-55049, CVE-2026-55045 (Remote Code Execution, Critical)
  • Microsoft Defender – CVE-2026-55012, CVE-2026-55011 (Remote Code Execution, Critical)

Security teams are strongly encouraged to deploy the updates as soon as possible to reduce exposure to both known and newly discovered threats.