Microsoft addresses 570 flaws, including 59 critical and three zero-days via July 2026 Patch Tuesday
15 Jul 2026
Microsoft Patch Tuesday July 2026
The July edition of the Patch Tuesday update addresses 570 vulnerabilities, including 3 zero-day vulnerabilities.
The following vulnerabilities were addressed through the update that threat actors exploited to orchestrate attacks:
|
Number |
Type of |
|
254 |
Privilege elevation |
|
102 |
Information |
|
35 |
Denial of Service |
|
16 |
Spoofing |
|
17 |
Security feature |
|
145 |
Remote code |
3 zero-day vulnerabilities addressed
CVE-2026-56155 – Active Directory Federation Services – Elevation of Privilege
Microsoft has addressed one zero-day flaw in Active Directory Federation Services (AD FS) that attackers are exploiting to obtain elevated privileges within an organization’s infrastructure.
All the federated authentication and single sign-on happens through AD FS, across on-premise, cloud, and third-party applications. Therefore, attackers can compromise trusted authentication services, strengthen foothold after initial access, and expand access across connected environments.
The attackers can exploit the vulnerability to:
- Escalate privileges across AD FS environments
- Compromise trusted identity and authentication services
- Create or manipulate authentication tokens to access connected applications
- Bypass normal authentication and authorization controls
- Gain unauthorized access to Cloud, Microsoft 365, and all the enterprise apps that rely on AD FS
- Move laterally across Active Directory and hybrid environments
- Establish long term persistence within identity ifn5rastrucurtre
- Steal sensitive user identities and authentication data
- Facilitate the deployment of ransomware
- Orchestrate broader cyber attack
CVE-2026-56164 – Microsoft SharePoint Server – Elevation of Privilege
Many enterprises globally rely on SharePoint to store business critical documents, collaboration data, and organizational knowledge. This zero-day elevation flaw can be exploited by attackers to execute actions with elevated privileged access. They can use the access to expand their attack across the enterprise.
The attackers can exploit the vulnerability to:
- Gain elevated privileges within SharePoint Server
- Access confidential documents, files, and collaboration data
- Modify or delete business critical data
- Deploy malicious web shells or create backdoors on SharePoint servers
- Move laterally to other internal systems using compromised servers
- Establish persistence within enterprise environments
- Use compromised SharePoint servers as a stage for ransomware attacks
- Orchestrate espionage operations by collecting sensitive organizational information
CVE-2026-50661 – Windows BitLocker – Security Feature Bypass
This is a zero day security feature bypass flaw in Windows BitLocker that allowed attackers to bypass protection mechanisms in Windows under specific conditions. BitLocker is a Microsoft security feature designed to protect data stored in Windows devices through full volume encryption. Therefore, by exploiting the flaw attackers with physical access or sufficient local access may be able to access encrypted data, circumvent device security, and expose sensitive corporate or personal information.
The attackers can exploit the vulnerability to:
- Bypass the encryption protections in BitLocker
- Access confidential files in endpoints
- Extract confidential customer, corporate, or government data from compromised devices
- Bypass encryption mechanisms at the endpoint-level
- Harvest credentials, tokens, and secrets stored locally offline
- Orchestrate follow-on attacks on enterprise environments
- Carry out espionage and gather intelligence
SharkStriker’s recommendations
The following are some of the security recommendations:
- Immediately review and apply the July 2026 Microsoft security updates across all affected systems.
- Prioritize remediation of the actively exploited Zero-Day vulnerabilities affecting AD FS and Microsoft SharePoint Server.
- Prioritize patching Critical vulnerabilities affecting internet-facing systems and enterprise infrastructure.
- Ensure endpoint protection, EDR, and SIEM monitoring solutions are actively monitoring for suspicious privilege escalation, authentication abuse, and remote code execution activity.
- Validate backup integrity and incident response readiness in case of attempted exploitation.
- Ensure enterprise patch management processes are functioning correctly and verify successful deployment across all supported systems.