Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days
Key Takeaways Microsoft’s July 2026 Patch Tuesday addresses 570 vulnerabilities, including three zero-day flaws. Two of the zero-days, affecting SharePoint Server and Active Directory...
Key Takeaways
- Microsoft’s July 2026 Patch Tuesday addresses 570 vulnerabilities, including three zero-day flaws.
- Two of the zero-days, affecting SharePoint Server and Active Directory Federation Services, are confirmed to be actively exploited.
- A third zero-day in Windows BitLocker, while publicly disclosed, has no confirmed exploitation.
- Two critical Remote Code Execution (RCE) vulnerabilities in SharePoint and Print Spooler demand immediate attention.
- Patches are available across a wide range of Microsoft products, with most requiring manual deployment.
Microsoft’s July 2026 Patch Tuesday Addresses Three Zero-Days Amidst Extensive Fixes
Microsoft has released its July 2026 Patch Tuesday updates, delivering a comprehensive set of fixes for approximately 570 vulnerabilities spanning its diverse product ecosystem. This extensive release follows a record-breaking June, which saw 206 flaws addressed, including three publicly disclosed zero-days. The current update is particularly critical due to the presence of three new zero-day vulnerabilities, two of which are actively being exploited in the wild.
Table Of Content
- Key Takeaways
- Microsoft’s July 2026 Patch Tuesday Addresses Three Zero-Days Amidst Extensive Fixes
- Critical Zero-Days Under Active Exploitation
- Publicly Disclosed BitLocker Bypass
- Broad Impact Across Microsoft Products
- Critical Remote Code Execution Flaws
- Prevalent Elevation of Privilege Issues
- Additional High-Priority Vulnerabilities
- Notable Vulnerabilities Addressed
- What You Should Do
Critical Zero-Days Under Active Exploitation
Among the most pressing concerns are two zero-day vulnerabilities confirmed to be under active exploitation:
- CVE-2026-56164: Microsoft SharePoint Server Elevation of Privilege
- CVE-2026-56155: Active Directory Federation Services Elevation of Privilege
This vulnerability impacts Microsoft SharePoint Server, enabling an attacker to escalate privileges within an authenticated or already compromised session. Historically, SharePoint Elevation of Privilege (EoP) flaws have been combined with Remote Code Execution (RCE) bugs to achieve complete server control. Despite its “Moderate” severity rating, the active exploitation of CVE-2026-56164 necessitates that on-premises SharePoint deployments be considered a top patching priority. Real-world attack chains frequently leverage lower-severity EoP vulnerabilities in conjunction with other flaws to maximize impact.
Also confirmed as actively exploited, CVE-2026-56155 affects Active Directory Federation Services (AD FS), Microsoft’s crucial component for identity federation and single sign-on (SSO) infrastructure. Given AD FS’s role in underpinning authentication trust across hybrid Azure AD and on-premises environments, successful exploitation could allow an attacker to escalate privileges and expand their reach into broader identity infrastructure, reminiscent of past AD FS “golden SAML” attacks.
Publicly Disclosed BitLocker Bypass
A third zero-day, CVE-2026-50661, is a Windows BitLocker Security Feature Bypass vulnerability. While publicly disclosed prior to the patch release, there is currently no confirmed evidence of active exploitation. This vulnerability shares characteristics with the previously disclosed “YellowKey” BitLocker bypass (CVE-2026-45585) from earlier in 2026. Both flaws exploit weaknesses in BitLocker’s recovery environment, rather than its core encryption, allowing attackers with physical access to bypass disk encryption on devices that are lost or stolen.
Broad Impact Across Microsoft Products
The July Patch Tuesday addresses a wide array of vulnerabilities across various impact types:
- Elevation of Privilege: 249
- Remote Code Execution: 143
- Information Disclosure: 102
- Denial of Service: 35
- Security Feature Bypass: 17
- Spoofing: 16
- Tampering: 8
- Total: 570
This month’s update encompasses critical components of the Windows operating system, Microsoft Office, SharePoint Server, Remote Desktop Services, and Windows Admin Center. Notably, most of these fixes necessitate direct customer intervention, as they are not automatically resolved through cloud servicing.
Critical Remote Code Execution Flaws
Two vulnerabilities have been designated as Critical-rated Remote Code Execution (RCE) flaws, historically prime targets for ransomware groups and nation-state actors:
- CVE-2026-58644: A Microsoft SharePoint Remote Code Execution vulnerability.
- CVE-2026-58608: A Windows Print Spooler RCE bug.
Enterprises managing on-premises SharePoint deployments should prioritize patching CVE-2026-58644 due to its Critical severity and RCE capabilities, aligning with known exploitation patterns in previous SharePoint zero-day campaigns.
Prevalent Elevation of Privilege Issues
Elevation of Privilege (EoP) remains the most common vulnerability class in this cycle, affecting critical components such as the Windows Kernel, DirectX Graphics Kernel, Desktop Window Manager, and the Win32K subsystem. Attackers typically chain these EoP bugs with an initial foothold to gain SYSTEM-level access.
Additional High-Priority Vulnerabilities
Organizations that expose Remote Desktop Services, Windows Admin Center, or DHCP Server to internal or hybrid networks should also prioritize patches for CVE-2026-58626, CVE-2026-58631, and CVE-2026-58627. These components are frequently targeted in lateral movement attacks.
Notable Vulnerabilities Addressed:
- CVE-2026-58647: Microsoft PowerBI Report Server Spoofing (Important)
- CVE-2026-58640: Windows NTFS RCE (Important)
- CVE-2026-58638: Windows Boot Loader Security Feature Bypass (Important)
- CVE-2026-58637: Windows Client-Side Caching EoP (Important)
- CVE-2026-58636: Microsoft PC Manager EoP (Important)
- CVE-2026-58635: Windows Narrator Braille EoP (Important)
- CVE-2026-58634: Desktop Window Manager EoP (Important)
- CVE-2026-58633: Desktop Window Manager EoP (Important)
- CVE-2026-58632: Windows Win32K EoP (Important)
- CVE-2026-58631: Windows Admin Center RCE (Important)
- CVE-2026-58629: DirectX Graphics Kernel EoP (Important)
- CVE-2026-58628: Windows Wireless Network Manager EoP (Important)
- CVE-2026-58627: Windows DHCP Server DoS (Important)
- CVE-2026-58626: Windows RDS RCE (Important)
- CVE-2026-58619: Windows Sensor Data Service EoP (Important)
- CVE-2026-58618: Microsoft Excel RCE (Important)
- CVE-2026-58617: M365 Copilot for iOS EoP (Important)
- CVE-2026-58614: Windows Kernel Security Feature Bypass (Important)
- CVE-2026-58613: Windows Cloud Files Mini Filter Driver EoP (Important)
- CVE-2026-58610: Windows Media Foundation RCE (Important)
- CVE-2026-58609: Windows Graphics Component RCE (Important)
- CVE-2026-58602: Windows Kernel-Mode Driver EoP (Important)
- CVE-2026-58601: VHD Miniport Driver EoP (Important)
- CVE-2026-58595: Microsoft Bing App for iOS Spoofing (Important)
- CVE-2026-58594: Remote Desktop Client RCE (Important)
- CVE-2026-58547: Windows UPnP Device Host EoP (Important)
- CVE-2026-58546: Windows RDP Client Information Disclosure (Important)
- CVE-2026-58545: Windows Kernel Security Feature Bypass (Important)
What You Should Do
- Immediately Prioritize Critical RCEs: IT administrators should prioritize testing and deploying patches for CVE-2026-58644 (SharePoint RCE) and CVE-2026-58608 (Print Spooler RCE) within the next 48 hours due to their critical severity and history as high-value exploitation targets.
- Address Actively Exploited Zero-Days: Patch CVE-2026-56164 (SharePoint EoP) and <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.