Microsoft addresses 570 flaws, including 59 critical and three zero-days via July 2026 Patch Tuesday

15 Jul 2026

Microsoft Patch Tuesday July 2026

The July edition of the Patch Tuesday update addresses 570 vulnerabilities, including 3 zero-day vulnerabilities.

 

The following vulnerabilities were addressed through the update that threat actors exploited to orchestrate attacks:

Number 

Type of 
vulnerabilities 

254 

Privilege elevation 

102 

Information  
disclosure 

35 

Denial of Service 

16 

Spoofing 

17 

Security feature 
bypass 

145 

Remote code 
execution 

3 zero-day vulnerabilities addressed

CVE-2026-56155 – Active Directory Federation Services – Elevation of Privilege

Microsoft has addressed one zero-day flaw in Active Directory Federation Services (AD FS) that attackers are exploiting to obtain elevated privileges within an organization’s infrastructure.

 

All the federated authentication and single sign-on happens through AD FS, across on-premise, cloud, and third-party applications. Therefore, attackers can compromise trusted authentication services, strengthen foothold after initial access, and expand access across connected environments.

 

The attackers can exploit the vulnerability to:

 

  • Escalate privileges across AD FS environments
  • Compromise trusted identity and authentication services
  • Create or manipulate authentication tokens to access connected applications
  • Bypass normal authentication and authorization controls
  • Gain unauthorized access to Cloud, Microsoft 365, and all the enterprise apps that rely on AD FS
  • Move laterally across Active Directory and hybrid environments
  • Establish long term persistence within identity ifn5rastrucurtre
  • Steal sensitive user identities and authentication data
  • Facilitate the deployment of ransomware
  • Orchestrate broader cyber attack

 

CVE-2026-56164 – Microsoft SharePoint Server – Elevation of Privilege

Many enterprises globally rely on SharePoint to store business critical documents, collaboration data, and organizational knowledge. This zero-day elevation flaw can be exploited by attackers to execute actions with elevated privileged access. They can use the access to expand their attack across the enterprise.

 

The attackers can exploit the vulnerability to:

 

  • Gain elevated privileges within SharePoint Server
  • Access confidential documents, files, and collaboration data
  • Modify or delete business critical data
  • Deploy malicious web shells or create backdoors on SharePoint servers
  • Move laterally to other internal systems using compromised servers
  • Establish persistence within enterprise environments
  • Use compromised SharePoint servers as a stage for ransomware attacks
  • Orchestrate espionage operations by collecting sensitive organizational information

 

CVE-2026-50661 – Windows BitLocker – Security Feature Bypass

This is a zero day security feature bypass flaw in Windows BitLocker that allowed attackers to bypass protection mechanisms in Windows under specific conditions. BitLocker is a Microsoft security feature designed to protect data stored in Windows devices through full volume encryption. Therefore, by exploiting the flaw attackers with physical access or sufficient local access may be able to access encrypted data, circumvent device security, and expose sensitive corporate or personal information.

 

The attackers can exploit the vulnerability to:

 

  • Bypass the encryption protections in BitLocker
  • Access confidential files in endpoints
  • Extract confidential customer, corporate, or government data from compromised devices
  • Bypass encryption mechanisms at the endpoint-level
  • Harvest credentials, tokens, and secrets stored locally offline
  • Orchestrate follow-on attacks on enterprise environments
  • Carry out espionage and gather intelligence

SharkStriker’s recommendations

The following are some of the security recommendations:

 

  • Immediately review and apply the July 2026 Microsoft security updates across all affected systems.
  • Prioritize remediation of the actively exploited Zero-Day vulnerabilities affecting AD FS and Microsoft SharePoint Server.
  • Prioritize patching Critical vulnerabilities affecting internet-facing systems and enterprise infrastructure.
  • Ensure endpoint protection, EDR, and SIEM monitoring solutions are actively monitoring for suspicious privilege escalation, authentication abuse, and remote code execution activity.
  • Validate backup integrity and incident response readiness in case of attempted exploitation.
  • Ensure enterprise patch management processes are functioning correctly and verify successful deployment across all supported systems.

Get in Touch With us

We have explored what risk tolerance and risk appetite are and how important they are together in helping businesses align cybersecurity with their business goals. It can help CISOs, and C-suite make informed investment decisions for cybersecurity.

LEARN MORE