Find notable cyber news and cases, enriched with sources, timelines, and signals.

Active Directory Federation Services actively exploited elevation of privilege privilege-escalation flaw (CVE-2026-56155)

Vulnerability
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft patched CVE-2026-56155 in Active Directory Federation Services (AD FS) after confirming active exploitation of an elevation-of-privilege flaw that could let an authorized attacker gain administrative privileges locally. The vulnerability was included in Microsoft’s July 2026 Patch Tuesday and is part of a larger security update release covering 570 flaws.

Related Happenings

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

CISA KEV order for BlueHammer patching

Public Sector Action
H score37 First: 23.04.2026 14:05 Last: 23.04.2026 14:05 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...

CISA orders FCEB remediation for CVE-2025-60710

Public Sector Action
H score34 First: 15.04.2026 17:51 Last: 15.04.2026 17:51 Sources 1

About this happening: CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...

Microsoft Secure Boot certificate expiration guidance for Windows devices

Advisory/Mitigation
H score48 First: 14.01.2026 11:38 Last: 14.01.2026 11:38 Sources 1

About this happening: Microsoft warned that **Secure Boot certificates** used by most **Windows devices** expire starting in **June 2026**, creating a risk that some personal and business systems may n...

Latest development: 10.02.2026 21:06

Microsoft released Windows 10 KB5075912 and continues rolling out replacement Secure Boot certificates to targeted Windows devices through monthly Windows updates, expanding delivery only after devices show sufficient successful update signals ahead of the June 2026 expiration.

Microsoft Windows 10 Consumer ESU enrollment glitch

Service Disruption
H score1 First: 16.11.2025 23:47 Last: 16.11.2025 23:47 Sources 1

About this happening: Microsoft fixed an **out-of-band** enrollment glitch that was blocking some **Windows 10** users from joining the **Consumer Extended Security Update** program, preventing them fr...

Timeline

  1. 14.07.2026 21:01 2 articles · 2h ago

    Microsoft patches actively exploited Active Directory Federation Services elevation-of-privilege flaw

    Initial Disclosure

    Microsoft's July 2026 Patch Tuesday includes CVE-2026-56155, an Active Directory Federation Services elevation-of-privilege vulnerability that Microsoft says was actively exploited in attacks and could let an authorized attacker elevate privileges locally to administrative access. Microsoft credited Jeremy Kingston and Scott Clark of Microsoft Detection and Response Team (DART), indicating the flaw was likely uncovered while investigating active attacks.

    Show sources