Microsoft released its largest Patch Tuesday update on record, fixing 569 vulnerabilities across Windows, Office, SharePoint, Exchange, SQL Server, Defender, Hyper-V, DHCP, TCP/IP, Remote Desktop, and other products. The release included 56 Critical, 510 Important, and 3 Moderate flaws, with three zero-days highlighted and two confirmed as exploited in the wild. Elevation of privilege bugs accounted for the largest share of fixes, while remote code execution issues made up roughly a quarter of the total.
Among the most significant issues were exploited zero-days affecting Microsoft SharePoint Server and Active Directory Federation Services (ADFS), a publicly disclosed BitLocker security feature bypass, and a critical unauthenticated deserialization RCE impacting Microsoft Dynamics NAV and Dynamics 365 Business Central on-premises. Microsoft also addressed multiple serious DHCP Server and Client vulnerabilities and 20 Windows Kernel elevation of privilege flaws, six of which were assessed as more likely to be exploited; SharePoint defenders were also pointed to Microsoft guidance on enabling AMSI integration to strengthen server-side malware detection.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
CISA warned that three SharePoint Server vulnerabilities—CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164—were being actively exploited, added them to the Known Exploited Vulnerabilities catalog, and directed federal agencies to secure systems affected by CVE-2026-56164 by July 17 or discontinue them if mitigations could not be applied.
Microsoft's July 2026 Patch Tuesday released fixes for a record-setting volume of vulnerabilities across its products. Coverage in the references notes 569-570 flaws addressed, including three zero-days and active exploitation of SharePoint Server and AD FS issues.
A CVE record for CVE-2026-45659 was published in the CVE database, documenting the vulnerability as a distinct disclosure prior to Microsoft's July 2026 Patch Tuesday release.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
38 references tracked. Mallory keeps watching after this page renders.
techrepublic.com
Open sourcecybersecuritynews.com
Open sourcethecybersecguru.com
Open sourcecybersecuritynews.com
Open sourcemicrosoft.com
Open sourcelearn.microsoft.com
Open sourcecwe.mitre.org
Open sourcerapid7.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.