Microsoft security patch release for CVE-2026-56164
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft released a record 622-CVE Patch Tuesday that includes two exploited flaws in SharePoint Server and Active Directory Federation Services, raising urgency for identity and collaboration systems. The top-priority fixes are CVE-2026-56164 and CVE-2026-56155, both elevation-of-privilege bugs already being used in attacks. Microsoft also bundled additional updates across Windows, Office, Edge, Azure, Defender, and developer tools. The release matters because defenders must triage a much larger-than-usual update set while attackers can immediately focus on the flaws already in use.
Related Happenings
Microsoft Corp. security patch release for CVE-2026-56155
Security Patch Release
H score46
First: 14.07.2026 22:22
Last: 14.07.2026 22:22
Sources 1
About this happening:
**Microsoft** released **July 2026 Patch Tuesday** updates that close at least **570 security holes** in **Windows** and other software, expanding the remediation burden for defen...
Microsoft Corp. security patch release for CVE-2026-56155
Security Patch ReleaseAbout this happening: **Microsoft** released **July 2026 Patch Tuesday** updates that close at least **570 security holes** in **Windows** and other software, expanding the remediation burden for defen...
Microsoft Windows 10 KB5099539 extended security update
Security Patch Release
H score16
First: 14.07.2026 21:49
Last: 14.07.2026 21:49
Sources 1
About this happening:
**Microsoft** released **Windows 10 KB5099539**, a security update bundle for **Windows 10 ESU** that rolls in **July 2026 Patch Tuesday** fixes for **570 vulnerabilities**. The p...
Microsoft Windows 10 KB5099539 extended security update
Security Patch ReleaseAbout this happening: **Microsoft** released **Windows 10 KB5099539**, a security update bundle for **Windows 10 ESU** that rolls in **July 2026 Patch Tuesday** fixes for **570 vulnerabilities**. The p...
Windows 11 KB5101650 and KB5099414 cumulative updates
Security Patch Release
H score27
First: 14.07.2026 20:41
Last: 14.07.2026 20:41
Sources 1
About this happening:
**Microsoft** released **Windows 11 KB5101650** and **KB5099414** cumulative updates for **25H2/24H2** and **23H2**, delivering the **July 2026 Patch Tuesday** fixes for **571 vul...
Windows 11 KB5101650 and KB5099414 cumulative updates
Security Patch ReleaseAbout this happening: **Microsoft** released **Windows 11 KB5101650** and **KB5099414** cumulative updates for **25H2/24H2** and **23H2**, delivering the **July 2026 Patch Tuesday** fixes for **571 vul...
Microsoft YellowKey patch release (CVE-2026-45585)
Security Patch Release
H score20
First: 11.06.2026 20:43
Last: 11.06.2026 20:43
Sources 1
About this happening:
Microsoft's **Patch Tuesday** updates this week patched **YellowKey (CVE-2026-45585)**, closing a **Windows BitLocker** bypass that could expose protected volumes. The vendor rele...
Microsoft YellowKey patch release (CVE-2026-45585)
Security Patch ReleaseAbout this happening: Microsoft's **Patch Tuesday** updates this week patched **YellowKey (CVE-2026-45585)**, closing a **Windows BitLocker** bypass that could expose protected volumes. The vendor rele...
Microsoft June 2026 Patch Tuesday record 206-vulnerability update
Security Patch Release
H score55
First: 10.06.2026 12:38
Last: 10.06.2026 12:38
Sources 1
About this happening:
Microsoft shipped a **record 206-vulnerability** update for its software portfolio, including **three publicly disclosed flaws**. The release spans **Critical** and **Important**...
Microsoft June 2026 Patch Tuesday record 206-vulnerability update
Security Patch ReleaseAbout this happening: Microsoft shipped a **record 206-vulnerability** update for its software portfolio, including **three publicly disclosed flaws**. The release spans **Critical** and **Important**...
Timeline
-
14.07.2026 23:25 2 articles · 2h ago
Microsoft ships record July Patch Tuesday with two exploited zero-days
Initial DisclosureMicrosoft released a record July Patch Tuesday covering 622 CVEs, including two already exploited elevation-of-privilege flaws in on-premises SharePoint Server and Active Directory Federation Services. The release pushes immediate remediation priority toward identity and collaboration infrastructure because the affected systems are core trust services.
Show sources
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25
-
14.07.2026 23:25 1 articles · 2h ago
SharePoint Server and AD FS flaws expose privilege escalation paths
Technical Analysis UpdateCVE-2026-56164 in on-premises SharePoint Server allows an unauthenticated attacker to escalate privileges over the network, while CVE-2026-56155 in Active Directory Federation Services allows an already-authenticated attacker to elevate privileges locally through weak access controls. Microsoft credits Mandiant incident responders, Google's FLARE team, and Microsoft's DART incident-response unit with the discoveries, pointing to active attack investigation around both flaws.
Show sources
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25
-
14.07.2026 23:25 1 articles · 2h ago
Microsoft removes the Kerberos RC4 rollback switch
Mitigation Patch UpdateMicrosoft's July rollout removes the RC4DefaultDisablementPhase rollback switch, so RC4 works only for accounts explicitly configured to allow it. Administrators are told to audit RC4 usage, rotate passwords on flagged service accounts to generate AES keys, and patch before legacy services or clients lose authentication.
Show sources
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25