Severity: Critical
Date Released: 14 July 2026
Affected Organizations: Organizations using Microsoft Windows, SharePoint Server, AD FS, Microsoft Office, Hyper-V, Visual Studio, and other supported Microsoft products.
Overview
Microsoft has released its July 2026 Patch Tuesday security updates, addressing a record-breaking 570 vulnerabilities across Windows, Microsoft Office, SharePoint, Active Directory Federation Services (AD FS), Hyper-V, Visual Studio, and other Microsoft products. This is the largest Patch Tuesday release to date and includes three zero-day vulnerabilities, two of which are actively being exploited in the wild. This is attributed to the significant increase in reported vulnerabilities to Microsoft's expanded use of AI-assisted vulnerability discovery, enabling security flaws to be identified more rapidly than before.
Key Highlights
- Microsoft addressed 570 security vulnerabilities, making this the largest Patch Tuesday release on record.
- The release includes three zero-day vulnerabilities, with two confirmed to be actively exploited before patches became available.
- 59 vulnerabilities are rated Critical, the majority of which are Remote Code Execution (RCE) flaws that could allow attackers to execute arbitrary code on vulnerable systems.
- Windows, SharePoint Server, Active Directory Federation Services (AD FS), Microsoft Office, Hyper-V, and developer platforms are among the most affected products.
- Microsoft recently announced that AI-powered vulnerability discovery is increasing the number of identified software flaws, which is expected to result in larger Patch Tuesday releases going forward.
Featured Vulnerabilities
CVE-2026-56164 – Microsoft SharePoint Server Elevation of Privilege
This vulnerability affects Microsoft SharePoint Server, a platform widely used by organizations to manage documents and collaborate internally.
An Elevation of Privilege (EoP) vulnerability allows an attacker to obtain higher permissions than intended. In this case, an attacker who already has limited access to a SharePoint environment could elevate their privileges and gain greater control over the server.
CVE-2026-56155 – Active Directory Federation Services (AD FS) Elevation of Privilege
Active Directory Federation Services (AD FS) enables users to securely authenticate applications using a single set of credentials, commonly known as Single Sign-On (SSO). Successful exploitation could allow an attacker with existing access to elevate privileges and potentially compromise an organization's identity infrastructure, increasing the risk of lateral movement and unauthorized access to enterprise resources.
CVE-2026-50661 – Windows BitLocker Security Feature Bypass
This publicly disclosed vulnerability affects BitLocker, Microsoft's full-disk encryption technology designed to protect data if a device is lost or stolen.
A Security Feature Bypass vulnerability enables an attacker to circumvent an existing security mechanism rather than directly executing malicious code. Although Microsoft has not confirmed active exploitation, publicly disclosed vulnerabilities frequently receive increased attention from threat actors following disclosure, making timely remediation advisable.
Recommendations
Organizations should take the following actions:
- Prioritize patching the actively exploited zero-day vulnerabilities, particularly those affecting SharePoint Server and AD FS.
- Apply July 2026 cumulative updates to all supported Windows systems and Microsoft products.
- Verify that updates have been successfully deployed across all endpoints and servers.
- Review authentication logs for suspicious activity involving AD FS and privileged accounts.
- Monitor security tools for indicators of privilege escalation, unusual authentication events, or exploitation attempts targeting recently disclosed vulnerabilities.



.jpeg)
.jpeg)

.png)

.png)
.png)