Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits

Jul 16, 2026

Microsoft has released its July 2026 Patch Tuesday security updates, addressing a record-breaking 570 vulnerabilities across Windows, Microsoft Office, SharePoint Server, Visual Studio, Azure, SQL Server, and other Microsoft products. The release includes three zero-day vulnerabilities, two of which are already being actively exploited in the wild, making immediate patching a top priority for organizations.

The July release surpasses even Microsoft's previous record from June 2026, highlighting the increasing pace of vulnerability discovery. Microsoft has indicated that AI-assisted security research is contributing to the growing number of identified flaws, allowing vulnerabilities to be found and remediated faster.

Microsoft July 2026 Patch Tuesday at a Glance

Category

Details

Release Date

July 2026 Patch Tuesday

Total Vulnerabilities Fixed

570

Zero-Day Vulnerabilities

3

Actively Exploited Zero-Days

2

Publicly Disclosed Zero-Days

1

Critical Vulnerabilities

59

Most Affected Products

Windows, SharePoint Server, Active Directory Federation Services (AD FS), Microsoft Office, Visual Studio, SQL Server, Azure

Risk Level

Critical

Source: Microsoft Security Updates and BleepingComputer

Three Zero-Day Vulnerabilities Patched

Microsoft addressed three zero-day vulnerabilities during this month's Patch Tuesday.

1. CVE-2026-56155 - Active Directory Federation Services Elevation of Privilege

This vulnerability affects Active Directory Federation Services (AD FS) and has already been exploited by attackers.

Successful exploitation allows an authenticated attacker to elevate privileges and obtain administrator-level permissions within vulnerable AD FS environments. Organizations using on-premises federation services should prioritize installing this update immediately.

2. CVE-2026-56164 - SharePoint Server Elevation of Privilege

Microsoft confirmed active exploitation of a privilege escalation vulnerability affecting SharePoint Server.

The flaw can allow attackers to elevate privileges without authentication under certain attack conditions, posing significant risk to organizations running on-premises SharePoint deployments. Immediate remediation is strongly recommended.

3. BitLocker Zero-Day (Publicly Disclosed)

The third zero-day patched this month affects BitLocker and had been publicly disclosed before an official fix became available.

Although Microsoft has not confirmed active exploitation, public disclosure significantly increases the likelihood that attackers could develop working exploits. Applying July security updates eliminates this risk.

Breakdown of Vulnerabilities

The 570 patched vulnerabilities span multiple categories.

Vulnerability Type

Number Fixed

Elevation of Privilege

254

Remote Code Execution

112

Information Disclosure

78

Denial of Service

48

Security Feature Bypass

31

Spoofing

24

Tampering

23

Numbers exclude Microsoft Edge vulnerabilities addressed separately.

Why This Patch Tuesday Matters

This is Microsoft's largest Patch Tuesday release to date.

The combination of:

  • Two actively exploited zero-days

  • A publicly disclosed BitLocker vulnerability

  • 59 Critical flaws

  • Hundreds of elevation-of-privilege vulnerabilities

creates an unusually high-risk patch cycle for enterprise environments. Organizations delaying updates leave critical infrastructure exposed to known attack techniques already being used in the wild.

Products Receiving Security Updates

Microsoft released security fixes across its ecosystem, including:

  • Windows 10

  • Windows 11

  • Windows Server

  • Microsoft Office

  • SharePoint Server

  • Active Directory Federation Services (AD FS)

  • Visual Studio

  • SQL Server

  • Azure components

  • Microsoft .NET

  • Microsoft Dynamics

Organizations should review Microsoft's Security Update Guide to determine which products require immediate patching.

What Security Teams Should Do

Security administrators should prioritize the July updates by:

  1. Immediately patching internet-facing SharePoint Server deployments.

  2. Updating Active Directory Federation Services servers.

  3. Deploying Windows cumulative updates across endpoints.

  4. Monitoring systems for indicators of compromise related to the exploited zero-days.

  5. Validating successful installation of updates across all supported Microsoft products.

Rapid deployment is particularly important because attackers frequently reverse-engineer Patch Tuesday updates to develop exploits targeting unpatched systems.

ClearPhish Recommendation

Patching remains one of the most effective defenses against cyberattacks, but technical updates alone cannot eliminate organizational risk. Attackers commonly combine software vulnerabilities with phishing campaigns to gain initial access before exploiting privilege escalation flaws.

Organizations should pair timely patch management with continuous phishing simulations, employee security awareness training, and proactive monitoring to reduce overall attack exposure.

Conclusion

Microsoft's July 2026 Patch Tuesday is the largest security release in the company's history, fixing 570 vulnerabilities, including three zero-days and two vulnerabilities already under active attack. Organizations should treat this month's updates as high priority, particularly those operating SharePoint Server or Active Directory Federation Services.

Applying these patches promptly can significantly reduce exposure to known exploits while strengthening defenses against emerging threats.

Latest News

Google Gemini CLI Abused by Hackers as AI Malware Botnet Operator

Google Gemini CLI Abused by Hackers as AI Malware Botnet Operator

Google Gemini CLI Abused by Hackers as AI Malware Botnet Operator

Google Gemini CLI Abused by Hackers as AI Malware Botnet Operator

Google Gemini CLI Abused by Hackers as AI Malware Botnet Operator

Jul 16, 2026

Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits

Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits

Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits

Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits

Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits

Jul 16, 2026

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Jul 6, 2026

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Jun 26, 2026

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Jun 23, 2026

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Jun 17, 2026

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.