Doorgaan naar de hoofdinhoud
Splashtop20 years of trust
AanmeldenTest Gratis
+31 (0) 20 888 5115AanmeldenTest Gratis
Devices that could be affected by the July 2026 Patch Tuesday release.

July 2026 Patch Tuesday: 622 CVEs, 3 Zero-Days

8 minuten leestijd
Bijgewerkt
Ga aan de slag met Splashtop
Hoogwaardige oplossingen voor remote access, remote support en endpointmanagement.
Gratis proefperiode

Microsoft’s July 2026 Patch Tuesday release addresses 622 Microsoft CVEs across 154 security updates, making it the company’s largest Patch Tuesday release to date.

The release includes three zero-day vulnerabilities, two with exploitation detected and one that was publicly known before a fix became available. It also includes several Critical remote code execution vulnerabilities affecting Windows DNS Server, DHCP Server, Remote Desktop Services, SharePoint Server, SQL Server, and Microsoft Office.

IT teams should prioritize the actively exploited vulnerabilities first, followed by internet-facing systems, identity infrastructure, collaboration platforms, and business-critical servers. With hundreds of updates to manage, verifying successful deployment will be just as important as approving the patches themselves.

Microsoft Patch Breakdown

Microsoft’s July 2026 security release covers 622 Microsoft CVEs across 154 security updates. The updates span Windows, Microsoft Office, Microsoft Edge, SharePoint Server, SQL Server, Azure, Exchange Server, Microsoft Defender, Visual Studio, and other Microsoft products.

The release also includes 428 republished Chromium CVEs affecting Microsoft Edge.

July 2026 Release

Total

Microsoft CVEs addressed

622

Security updates

154

Zero-day vulnerabilities

3

Zero-days with exploitation detected

2

Publicly known zero-days

1

Republished Chromium CVEs

428

CVEs by Product Family

Product Family

CVEs

Windows

416

Microsoft Office

82

Microsoft Edge

46

Developer Tools

27

SharePoint Server

17

Azure

11

SQL Server

8

Microsoft Defender

5

Exchange Server

5

Other Microsoft Products

5

Total

622

Windows accounts for most of the vulnerabilities addressed this month, but the release extends well beyond endpoint operating systems. IT teams also need to account for updates affecting identity, collaboration, database, networking, browser, and developer environments.

Zero-Day Vulnerabilities to Prioritize

Microsoft addressed three zero-day vulnerabilities in July. Two are being actively exploited, while one was publicly known before a security update became available.

CVE

Affected Product

Impact

Status

Priority

CVE-2026-56155

Active Directory Federation Services

Elevation of Privilege

Exploitation detected

Immediate

CVE-2026-56164

Microsoft SharePoint Server

Elevation of Privilege

Exploitation detected

Immediate

CVE-2026-50661

Windows BitLocker

Security Feature Bypass

Publicly known

High

CVE-2026-56155: Active Directory Federation Services Elevation of Privilege

Microsoft has detected active exploitation of this vulnerability affecting Active Directory Federation Services. A successful attack could allow an authenticated attacker to gain elevated privileges within an affected environment.

Organizations using AD FS should treat this as an immediate identity-security priority. Patch affected systems as soon as possible and review authentication activity, changes to administrative privileges, and other signs of suspicious access.

CVE-2026-56164: Microsoft SharePoint Server Elevation of Privilege

This actively exploited vulnerability affects Microsoft SharePoint Server and could allow an attacker to gain elevated privileges.

Organizations running on-premises SharePoint Server should prioritize this update immediately, especially when servers are accessible from the internet or support sensitive business workflows. IT teams should also verify that the update was installed successfully across all affected SharePoint systems.

CVE-2026-50661: Windows BitLocker Security Feature Bypass

This BitLocker vulnerability was publicly known before Microsoft released a fix. Microsoft has not reported active exploitation, but public disclosure can increase the likelihood that attackers will begin targeting affected systems.

IT teams should prioritize laptops, shared devices, mobile endpoints, and systems at greater risk of theft or unauthorized physical access. Deploying the update promptly can help reduce exposure to attempts to bypass BitLocker protections.

Critical Vulnerabilities Affecting Enterprise Systems

Beyond the three zero-days, Microsoft addressed several Critical remote code execution vulnerabilities affecting core enterprise services. The most urgent issues include flaws in Windows DNS Server, DHCP Server, SharePoint Server, SQL Server, Remote Desktop Services, and Microsoft Office.

CVE

Product

Impact

CVSS

CVE-2026-58248

Windows DNS Server

Remote Code Execution

10.0

CVE-2026-58249

Windows DNS Server

Remote Code Execution

10.0

CVE-2026-58245

Windows DHCP Server

Remote Code Execution

9.8

CVE-2026-58261

Microsoft Office

Remote Code Execution

9.8

CVE-2026-58263

Microsoft Office

Remote Code Execution

9.8

CVE-2026-58253

SharePoint Server

Remote Code Execution

9.8

CVE-2026-58257

SQL Server

Remote Code Execution

9.8

CVE-2026-58272

Windows Remote Desktop Services

Remote Code Execution

9.8

Windows DNS and DHCP Server Vulnerabilities

The Windows DNS Server and DHCP Server vulnerabilities should be treated as high priorities because both services play a central role in network operations. Successful exploitation could affect systems responsible for name resolution, IP address assignment, and broader network availability.

IT teams should prioritize domain controllers and servers running DNS or DHCP roles, particularly those supporting critical sites or communicating across less-trusted network boundaries.

SharePoint Server and SQL Server Vulnerabilities

The SharePoint Server and SQL Server vulnerabilities could expose sensitive data and disrupt important business applications.

Internet-facing SharePoint servers should receive accelerated attention. SQL Server updates may require coordination with database and application owners, but testing should not create unnecessary delays for high-value or exposed systems.

Windows Remote Desktop Services Vulnerability

Remote Desktop Services can provide attackers with a direct path into high-value systems when broadly accessible or exposed to the internet.

Organizations should prioritize affected servers, review where Remote Desktop Services is enabled, and restrict access while updates are deployed. Systems accessible from partner networks or large internal user populations may also require faster remediation.

Microsoft Office Vulnerabilities

The two Critical Microsoft Office vulnerabilities affect a broad endpoint population and may be relevant to users who regularly open files from external sources.

IT teams should deploy these updates promptly across managed endpoints, especially for employees who handle email attachments, shared documents, or files from customers and partners.

How to Prioritize July 2026 Patches

With 622 Microsoft CVEs in this month’s release, IT teams should prioritize updates based on exploitation status, system exposure, severity, and business impact rather than treating every patch as equally urgent.

Patch Within 24 to 72 Hours

Prioritize the vulnerabilities and systems with the greatest immediate risk:

  • CVE-2026-56155 affecting Active Directory Federation Services

  • CVE-2026-56164 affecting Microsoft SharePoint Server

  • Internet-facing SharePoint environments

  • Identity infrastructure

  • Exposed Remote Desktop Services

  • DNS and DHCP servers supporting critical operations

The two actively exploited zero-days should be prioritized in the deployment queue. Organizations using AD FS or on-premises SharePoint Server should patch affected systems as soon as operationally possible and confirm that installation completed successfully.

Patch Within 72 Hours

Next, focus on Critical remote code execution vulnerabilities affecting high-value enterprise infrastructure, including:

  • Windows DNS Server

  • Windows DHCP Server

  • SharePoint Server

  • SQL Server

  • Windows Remote Desktop Services

Systems with CVSS scores of 9.8 or 10.0 should receive accelerated attention, especially when they are internet-facing, broadly accessible, or essential to authentication, networking, collaboration, or business applications.

Patch Within 1 to 2 Weeks

This tier should include:

  • CVE-2026-50661 affecting Windows BitLocker

  • Critical Microsoft Office vulnerabilities

  • Remaining Critical updates on systems without direct external exposure

  • High-severity vulnerabilities affecting standard managed endpoints

Public disclosure makes the BitLocker vulnerability more urgent than a typical non-exploited flaw, particularly for laptops, mobile devices, and shared systems.

Regular Patch Cycle

Lower-severity vulnerabilities with no public disclosure, confirmed exploitation, or significant external exposure can move through the normal testing and deployment process.

Even lower-priority updates should not be ignored. IT teams should continue tracking failed installations, offline devices, and endpoints that fall outside standard maintenance windows.

The most effective prioritization combines Microsoft’s exploitability information with CVSS severity, exposure, system role, and business impact. Internet-facing services, identity systems, domain controllers, collaboration platforms, and remote access infrastructure should remain at the front of the queue.

Notable Third-Party Updates

Microsoft also republished 428 Chromium CVEs affecting Microsoft Edge. These are non-Microsoft vulnerabilities and should be tracked separately from the 622 Microsoft CVEs addressed in the July release.

Because Edge is widely deployed across Windows environments, browser updates should be included in the same compliance review as operating system and Office patches. IT teams should confirm that managed devices are running current Edge versions and identify endpoints that may have missed automatic updates because they were offline or outside normal management workflows.

Browser vulnerabilities can still create meaningful risk, especially when users access untrusted websites, open web-based applications, or work with externally hosted content. Keeping Edge updated helps reduce exposure alongside the broader Microsoft patch rollout.

How Splashtop AEM Helps IT Teams Deploy Patches

A Patch Tuesday release this large can be difficult to manage with manual workflows alone. Splashtop AEM helps IT teams identify missing updates, deploy patches faster, and verify remediation across managed endpoints from a centralized console.

With Splashtop AEM, IT teams can:

  • View CVE and endpoint insights to identify systems affected by newly disclosed vulnerabilities.

  • Deploy Windows and supported third-party software updates in real time.

  • Automate patching through policies, schedules, and maintenance windows.

  • Use ring-based deployments to test updates with a smaller device group before expanding rollout.

  • Monitor patch status, failures, and compliance across managed endpoints.

  • Run scripts and remediation actions when an update fails or additional action is required.

  • Use hardware and software inventory data to locate affected devices more quickly.

For teams still relying on manual patching, Splashtop AEM reduces repetitive work and makes deployment more consistent. Organizations using Microsoft Intune can add faster patching, clearer visibility, and more direct remediation workflows to enhance Intune. Teams already using an RMM can strengthen patch automation and combine endpoint management with remote troubleshooting when issues occur.

Try Splashtop AEM Free

Reduce patching delays, improve visibility into missing updates, and respond faster to critical vulnerabilities with Splashtop AEM.

Start a free trial and see how centralized patching, automation, CVE insights, and real-time compliance reporting can simplify your Patch Tuesday workflow.

Begin nu!
Probeer Splashtop AEM vandaag gratis
Gratis proefperiode


Delen
RSS FeedAbonneren

Verwante content

IT operations dashboard with alerts
Patch Tuesday

Patch Tuesday maart 2026: 83 kwetsbaarheden, veel hoog-risico CVE's

Meer informatie
An IT technician working on a computer.
Patch Tuesday

April 2026 Patch Tuesday: 165 kwetsbaarheden, 1 zero-day

A business professional working on a computer.
Patch Tuesday

Feb 2026 Patch Tuesday: 59 kwetsbaarheden, meerdere zero-days

January 2026 Patch Tuesday
Patch Tuesday

Januari 2026 Patch Tuesday: 112 kwetsbaarheden, 1 Zero-Day

Bekijk alle blogs