Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities Including 3 Zero-Day Exploits
Jul 16, 2026
Microsoft has released its July 2026 Patch Tuesday security updates, addressing a record-breaking 570 vulnerabilities across Windows, Microsoft Office, SharePoint Server, Visual Studio, Azure, SQL Server, and other Microsoft products. The release includes three zero-day vulnerabilities, two of which are already being actively exploited in the wild, making immediate patching a top priority for organizations.
The July release surpasses even Microsoft's previous record from June 2026, highlighting the increasing pace of vulnerability discovery. Microsoft has indicated that AI-assisted security research is contributing to the growing number of identified flaws, allowing vulnerabilities to be found and remediated faster.
Microsoft July 2026 Patch Tuesday at a Glance
Category | Details |
|---|---|
Release Date | July 2026 Patch Tuesday |
Total Vulnerabilities Fixed | 570 |
Zero-Day Vulnerabilities | 3 |
Actively Exploited Zero-Days | 2 |
Publicly Disclosed Zero-Days | 1 |
Critical Vulnerabilities | 59 |
Most Affected Products | Windows, SharePoint Server, Active Directory Federation Services (AD FS), Microsoft Office, Visual Studio, SQL Server, Azure |
Risk Level | Critical |
Source: Microsoft Security Updates and BleepingComputer
Three Zero-Day Vulnerabilities Patched
Microsoft addressed three zero-day vulnerabilities during this month's Patch Tuesday.
1. CVE-2026-56155 - Active Directory Federation Services Elevation of Privilege
This vulnerability affects Active Directory Federation Services (AD FS) and has already been exploited by attackers.
Successful exploitation allows an authenticated attacker to elevate privileges and obtain administrator-level permissions within vulnerable AD FS environments. Organizations using on-premises federation services should prioritize installing this update immediately.
2. CVE-2026-56164 - SharePoint Server Elevation of Privilege
Microsoft confirmed active exploitation of a privilege escalation vulnerability affecting SharePoint Server.
The flaw can allow attackers to elevate privileges without authentication under certain attack conditions, posing significant risk to organizations running on-premises SharePoint deployments. Immediate remediation is strongly recommended.
3. BitLocker Zero-Day (Publicly Disclosed)
The third zero-day patched this month affects BitLocker and had been publicly disclosed before an official fix became available.
Although Microsoft has not confirmed active exploitation, public disclosure significantly increases the likelihood that attackers could develop working exploits. Applying July security updates eliminates this risk.
Breakdown of Vulnerabilities
The 570 patched vulnerabilities span multiple categories.
Vulnerability Type | Number Fixed |
|---|---|
Elevation of Privilege | 254 |
Remote Code Execution | 112 |
Information Disclosure | 78 |
Denial of Service | 48 |
Security Feature Bypass | 31 |
Spoofing | 24 |
Tampering | 23 |
Numbers exclude Microsoft Edge vulnerabilities addressed separately.
Why This Patch Tuesday Matters
This is Microsoft's largest Patch Tuesday release to date.
The combination of:
Two actively exploited zero-days
A publicly disclosed BitLocker vulnerability
59 Critical flaws
Hundreds of elevation-of-privilege vulnerabilities
creates an unusually high-risk patch cycle for enterprise environments. Organizations delaying updates leave critical infrastructure exposed to known attack techniques already being used in the wild.
Products Receiving Security Updates
Microsoft released security fixes across its ecosystem, including:
Windows 10
Windows 11
Windows Server
Microsoft Office
SharePoint Server
Active Directory Federation Services (AD FS)
Visual Studio
SQL Server
Azure components
Microsoft .NET
Microsoft Dynamics
Organizations should review Microsoft's Security Update Guide to determine which products require immediate patching.
What Security Teams Should Do
Security administrators should prioritize the July updates by:
Immediately patching internet-facing SharePoint Server deployments.
Updating Active Directory Federation Services servers.
Deploying Windows cumulative updates across endpoints.
Monitoring systems for indicators of compromise related to the exploited zero-days.
Validating successful installation of updates across all supported Microsoft products.
Rapid deployment is particularly important because attackers frequently reverse-engineer Patch Tuesday updates to develop exploits targeting unpatched systems.
ClearPhish Recommendation
Patching remains one of the most effective defenses against cyberattacks, but technical updates alone cannot eliminate organizational risk. Attackers commonly combine software vulnerabilities with phishing campaigns to gain initial access before exploiting privilege escalation flaws.
Organizations should pair timely patch management with continuous phishing simulations, employee security awareness training, and proactive monitoring to reduce overall attack exposure.
Conclusion
Microsoft's July 2026 Patch Tuesday is the largest security release in the company's history, fixing 570 vulnerabilities, including three zero-days and two vulnerabilities already under active attack. Organizations should treat this month's updates as high priority, particularly those operating SharePoint Server or Active Directory Federation Services.
Applying these patches promptly can significantly reduce exposure to known exploits while strengthening defenses against emerging threats.






