Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy
July 14, 2026
Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days
July 14, 2026
Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users
July 14, 2026
Home/CyberSecurity News/Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days
CyberSecurity News

Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days

Key Takeaways Microsoft’s July 2026 Patch Tuesday addresses 570 vulnerabilities, including three zero-day flaws. Two of the zero-days, affecting SharePoint Server and Active Directory...

Emy Elsamnoudy
Emy Elsamnoudy
July 14, 2026 4 Min Read
2 0

Key Takeaways

  • Microsoft’s July 2026 Patch Tuesday addresses 570 vulnerabilities, including three zero-day flaws.
  • Two of the zero-days, affecting SharePoint Server and Active Directory Federation Services, are confirmed to be actively exploited.
  • A third zero-day in Windows BitLocker, while publicly disclosed, has no confirmed exploitation.
  • Two critical Remote Code Execution (RCE) vulnerabilities in SharePoint and Print Spooler demand immediate attention.
  • Patches are available across a wide range of Microsoft products, with most requiring manual deployment.

Microsoft’s July 2026 Patch Tuesday Addresses Three Zero-Days Amidst Extensive Fixes

Microsoft has released its July 2026 Patch Tuesday updates, delivering a comprehensive set of fixes for approximately 570 vulnerabilities spanning its diverse product ecosystem. This extensive release follows a record-breaking June, which saw 206 flaws addressed, including three publicly disclosed zero-days. The current update is particularly critical due to the presence of three new zero-day vulnerabilities, two of which are actively being exploited in the wild.

Table Of Content

  • Key Takeaways
  • Microsoft’s July 2026 Patch Tuesday Addresses Three Zero-Days Amidst Extensive Fixes
  • Critical Zero-Days Under Active Exploitation
  • Publicly Disclosed BitLocker Bypass
  • Broad Impact Across Microsoft Products
  • Critical Remote Code Execution Flaws
  • Prevalent Elevation of Privilege Issues
  • Additional High-Priority Vulnerabilities
  • Notable Vulnerabilities Addressed
  • What You Should Do

Critical Zero-Days Under Active Exploitation

Among the most pressing concerns are two zero-day vulnerabilities confirmed to be under active exploitation:

  • CVE-2026-56164: Microsoft SharePoint Server Elevation of Privilege
  • This vulnerability impacts Microsoft SharePoint Server, enabling an attacker to escalate privileges within an authenticated or already compromised session. Historically, SharePoint Elevation of Privilege (EoP) flaws have been combined with Remote Code Execution (RCE) bugs to achieve complete server control. Despite its “Moderate” severity rating, the active exploitation of CVE-2026-56164 necessitates that on-premises SharePoint deployments be considered a top patching priority. Real-world attack chains frequently leverage lower-severity EoP vulnerabilities in conjunction with other flaws to maximize impact.

  • CVE-2026-56155: Active Directory Federation Services Elevation of Privilege
  • Also confirmed as actively exploited, CVE-2026-56155 affects Active Directory Federation Services (AD FS), Microsoft’s crucial component for identity federation and single sign-on (SSO) infrastructure. Given AD FS’s role in underpinning authentication trust across hybrid Azure AD and on-premises environments, successful exploitation could allow an attacker to escalate privileges and expand their reach into broader identity infrastructure, reminiscent of past AD FS “golden SAML” attacks.

Publicly Disclosed BitLocker Bypass

A third zero-day, CVE-2026-50661, is a Windows BitLocker Security Feature Bypass vulnerability. While publicly disclosed prior to the patch release, there is currently no confirmed evidence of active exploitation. This vulnerability shares characteristics with the previously disclosed “YellowKey” BitLocker bypass (CVE-2026-45585) from earlier in 2026. Both flaws exploit weaknesses in BitLocker’s recovery environment, rather than its core encryption, allowing attackers with physical access to bypass disk encryption on devices that are lost or stolen.

Broad Impact Across Microsoft Products

The July Patch Tuesday addresses a wide array of vulnerabilities across various impact types:

  • Elevation of Privilege: 249
  • Remote Code Execution: 143
  • Information Disclosure: 102
  • Denial of Service: 35
  • Security Feature Bypass: 17
  • Spoofing: 16
  • Tampering: 8
  • Total: 570

This month’s update encompasses critical components of the Windows operating system, Microsoft Office, SharePoint Server, Remote Desktop Services, and Windows Admin Center. Notably, most of these fixes necessitate direct customer intervention, as they are not automatically resolved through cloud servicing.

Critical Remote Code Execution Flaws

Two vulnerabilities have been designated as Critical-rated Remote Code Execution (RCE) flaws, historically prime targets for ransomware groups and nation-state actors:

  • CVE-2026-58644: A Microsoft SharePoint Remote Code Execution vulnerability.
  • CVE-2026-58608: A Windows Print Spooler RCE bug.

Enterprises managing on-premises SharePoint deployments should prioritize patching CVE-2026-58644 due to its Critical severity and RCE capabilities, aligning with known exploitation patterns in previous SharePoint zero-day campaigns.

Prevalent Elevation of Privilege Issues

Elevation of Privilege (EoP) remains the most common vulnerability class in this cycle, affecting critical components such as the Windows Kernel, DirectX Graphics Kernel, Desktop Window Manager, and the Win32K subsystem. Attackers typically chain these EoP bugs with an initial foothold to gain SYSTEM-level access.

Additional High-Priority Vulnerabilities

Organizations that expose Remote Desktop Services, Windows Admin Center, or DHCP Server to internal or hybrid networks should also prioritize patches for CVE-2026-58626, CVE-2026-58631, and CVE-2026-58627. These components are frequently targeted in lateral movement attacks.

Notable Vulnerabilities Addressed:

  • CVE-2026-58647: Microsoft PowerBI Report Server Spoofing (Important)
  • CVE-2026-58640: Windows NTFS RCE (Important)
  • CVE-2026-58638: Windows Boot Loader Security Feature Bypass (Important)
  • CVE-2026-58637: Windows Client-Side Caching EoP (Important)
  • CVE-2026-58636: Microsoft PC Manager EoP (Important)
  • CVE-2026-58635: Windows Narrator Braille EoP (Important)
  • CVE-2026-58634: Desktop Window Manager EoP (Important)
  • CVE-2026-58633: Desktop Window Manager EoP (Important)
  • CVE-2026-58632: Windows Win32K EoP (Important)
  • CVE-2026-58631: Windows Admin Center RCE (Important)
  • CVE-2026-58629: DirectX Graphics Kernel EoP (Important)
  • CVE-2026-58628: Windows Wireless Network Manager EoP (Important)
  • CVE-2026-58627: Windows DHCP Server DoS (Important)
  • CVE-2026-58626: Windows RDS RCE (Important)
  • CVE-2026-58619: Windows Sensor Data Service EoP (Important)
  • CVE-2026-58618: Microsoft Excel RCE (Important)
  • CVE-2026-58617: M365 Copilot for iOS EoP (Important)
  • CVE-2026-58614: Windows Kernel Security Feature Bypass (Important)
  • CVE-2026-58613: Windows Cloud Files Mini Filter Driver EoP (Important)
  • CVE-2026-58610: Windows Media Foundation RCE (Important)
  • CVE-2026-58609: Windows Graphics Component RCE (Important)
  • CVE-2026-58602: Windows Kernel-Mode Driver EoP (Important)
  • CVE-2026-58601: VHD Miniport Driver EoP (Important)
  • CVE-2026-58595: Microsoft Bing App for iOS Spoofing (Important)
  • CVE-2026-58594: Remote Desktop Client RCE (Important)
  • CVE-2026-58547: Windows UPnP Device Host EoP (Important)
  • CVE-2026-58546: Windows RDP Client Information Disclosure (Important)
  • CVE-2026-58545: Windows Kernel Security Feature Bypass (Important)

What You Should Do

  • Immediately Prioritize Critical RCEs: IT administrators should prioritize testing and deploying patches for CVE-2026-58644 (SharePoint RCE) and CVE-2026-58608 (Print Spooler RCE) within the next 48 hours due to their critical severity and history as high-value exploitation targets.
  • Address Actively Exploited Zero-Days: Patch CVE-2026-56164 (SharePoint EoP) and <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-

    Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

    Tags:

    AttackCVEExploitPatchransomwareSecurityVulnerabilityzero-day

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users

Next Post

Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical FortiSandbox CVE-2023-34981 Exposes VNC Server to Attackers
July 14, 2026
SOC Efficiency: Cut Alert Overload and MTTR by 21 Minutes Per Case
July 14, 2026
Miasma Malware Creates Backdoors in npm Packages, Targets Dev Machines
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us