Active Directory Federation Services actively exploited elevation of privilege privilege-escalation flaw (CVE-2026-56155)
Vulnerability
Summary
Hide ▲
Show ▼
Microsoft patched CVE-2026-56155 in Active Directory Federation Services (AD FS) after confirming active exploitation of an elevation-of-privilege flaw that could let an authorized attacker gain administrative privileges locally. The vulnerability was included in Microsoft’s July 2026 Patch Tuesday and is part of a larger security update release covering 570 flaws.
Related Happenings
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
Vulnerability
H score39
First: 10.06.2026 02:11
Last: 10.06.2026 02:11
Sources 1
About this happening:
Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
VulnerabilityAbout this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Latest development: 10.06.2026 08:22
The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.
CISA KEV order for BlueHammer patching
Public Sector Action
H score37
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...
CISA KEV order for BlueHammer patching
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector Action
H score34
First: 15.04.2026 17:51
Last: 15.04.2026 17:51
Sources 1
About this happening:
CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector ActionAbout this happening: CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
Microsoft Secure Boot certificate expiration guidance for Windows devices
Advisory/Mitigation
H score48
First: 14.01.2026 11:38
Last: 14.01.2026 11:38
Sources 1
About this happening:
Microsoft warned that **Secure Boot certificates** used by most **Windows devices** expire starting in **June 2026**, creating a risk that some personal and business systems may n...
Microsoft Secure Boot certificate expiration guidance for Windows devices
Advisory/MitigationAbout this happening: Microsoft warned that **Secure Boot certificates** used by most **Windows devices** expire starting in **June 2026**, creating a risk that some personal and business systems may n...
Latest development: 10.02.2026 21:06
Microsoft released Windows 10 KB5075912 and continues rolling out replacement Secure Boot certificates to targeted Windows devices through monthly Windows updates, expanding delivery only after devices show sufficient successful update signals ahead of the June 2026 expiration.
Microsoft Windows 10 Consumer ESU enrollment glitch
Service Disruption
H score1
First: 16.11.2025 23:47
Last: 16.11.2025 23:47
Sources 1
About this happening:
Microsoft fixed an **out-of-band** enrollment glitch that was blocking some **Windows 10** users from joining the **Consumer Extended Security Update** program, preventing them fr...
Microsoft Windows 10 Consumer ESU enrollment glitch
Service DisruptionAbout this happening: Microsoft fixed an **out-of-band** enrollment glitch that was blocking some **Windows 10** users from joining the **Consumer Extended Security Update** program, preventing them fr...
Timeline
-
14.07.2026 21:01 2 articles · 2h ago
Microsoft patches actively exploited Active Directory Federation Services elevation-of-privilege flaw
Initial DisclosureMicrosoft's July 2026 Patch Tuesday includes CVE-2026-56155, an Active Directory Federation Services elevation-of-privilege vulnerability that Microsoft says was actively exploited in attacks and could let an authorized attacker elevate privileges locally to administrative access. Microsoft credited Jeremy Kingston and Scott Clark of Microsoft Detection and Response Team (DART), indicating the flaw was likely uncovered while investigating active attacks.
Show sources
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days — www.bleepingcomputer.com — 14.07.2026 21:01
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days — www.bleepingcomputer.com — 14.07.2026 21:01