Microsoft’s July patches repair over 600 flaws, shattering final month’s document
Abstract created by Good Solutions AI
In abstract:
- PCWorld stories Microsoft’s July 2024 Patch Tuesday shattered data by fixing over 620 vulnerabilities, together with 570 new safety flaws throughout Home windows, Workplace, and gaming merchandise.
- Important threats embrace actively exploited SharePoint and ADFS vulnerabilities, plus 24 Distant Code Execution flaws that may be triggered by way of e mail preview panes with out opening recordsdata.
- Fast patching is crucial as this unprecedented quantity of fixes highlights escalating cyber threats, with 2024’s whole patches already exceeding earlier annual data.
Yesterday was July’s Patch Tuesday and Microsoft launched safety updates to handle 570 new safety vulnerabilities. Should you add up all of the patches Microsoft launched for the reason that begin of the month, the overall involves greater than 620.
To name this a brand new document can be an enormous understatement—the earlier document stood at 206 in June. The overall variety of vulnerabilities patched thus far this 12 months (1,380) has already surpassed that of 2020’s record-breaking 12 months (1,250).
The subsequent scheduled Patch Tuesday is on August eleventh, 2026.
Home windows safety updates
A lot of the fastened vulnerabilities—this time over 400—are unfold throughout the varied Home windows variations for which Microsoft nonetheless offers safety updates (10, 11, Server). Microsoft not too long ago prolonged the Home windows 10 ESU program till October twelfth, 2027.
Assaults on Lively Listing
The one Home windows vulnerability this month that’s already being exploited within the wild is the high-risk Elevation of Privilege (EoP) vulnerability CVE-2026-56155 in Lively Listing Federation Companies (ADFS). The entry controls aren’t granular sufficient, permitting an attacker to achieve administrator rights. Home windows Server variations 2012 to 2025 in addition to older variations of Home windows 10 (1607 and 1809) are weak.
Important Home windows vulnerabilities
Among the many 413 Home windows vulnerabilities addressed by Microsoft this month are 24 important Distant Code Execution (RCE) vulnerabilities and 7 important EoP vulnerabilities. The Use-After-Free (UAF) vulnerability CVE-2026-57092 in Hyper-V’s VMSwitch stands out from the remaining, the place a profitable attacker with low privileges can acquire elevated privileges on the host system from throughout the visitor system.
In Distant Desktop Protocol (RDP), the RCE vulnerability CVE-2026-56190 could be exploited by decided attackers. By utilizing specifically crafted RDP packets, they’ll work together with reminiscence that has not been correctly initialized. This offers them the flexibility to control reminiscence in such a approach that injected code could be executed.
The RCE vulnerability CVE-2026-50518 within the DHCP server is certainly one of 9 DHCP vulnerabilities addressed this month, and there’s additionally RCE vulnerability CVE-2026-56188 current within the Home windows Server community driver. Right here, an attacker can use specifically crafted information packets to execute injected code on weak programs. All supported Home windows editions, from Home windows 10 to Server 2025, are weak.
Microsoft Workplace safety updates
Microsoft has fastened 97 vulnerabilities in its Workplace merchandise, nearly twice as many as in June. These embrace 17 important RCE vulnerabilities. Generally, the preview pane is the assault vector—a person doesn’t want to truly open a file to allow a profitable assault. The remaining 48 RCE vulnerabilities could be exploited if a person opens a malicious Workplace file in a weak Workplace product (open-and-own).
Even medium-risk vulnerabilities deserve consideration: the EoP vulnerability CVE-2026-56164 in SharePoint Server, the place an attacker can acquire entry by way of the community with out person authentication, is already being exploited within the wild. Anybody exploiting the Safety Function Bypass (SFB) vulnerability CVE-2026-55040 in SharePoint Server can entry recordsdata with out person authentication. SharePoint vulnerabilities CVE-2026-50522 and CVE-2026-58644 are categorised as important RCE vulnerabilities, with a working demo exploit for CVE-2026-50522 demonstrated on the Pwn2Own hacking competitors.
Trade Server safety updates
In Trade Server, Microsoft has fastened 4 vulnerabilities this month, and a fifth in Trade On-line. Spoofing vulnerability CVE-2026-55008, which is predicated on a cross-site scripting (XSS) vulnerability, permits arbitrary JavaScript code to be executed within the browser if a malicious e mail is opened in Outlook Internet Entry (OWA).
Microsoft Edge safety updates
The newest safety replace to Edge 150.0.4078.65 is dated July ninth and based mostly on Chromium 150.0.7871.115. It addresses 27 Chromium vulnerabilities, which aren’t included within the whole variety of vulnerabilities fastened above, nor are the almost 400 Chromium vulnerabilities from the primary week of July, in any other case the overall would exceed 1,000.
Safety updates for avid gamers
Microsoft has already patched RCE vulnerability CVE-2026-55010 in devoted Minecraft Bedrock servers. As a Minecraft server operator, you don’t must take any additional motion, says Microsoft.
With Age of Empires II: Definitive Version, nevertheless, you’ll must take motion. An attacker can exploit RCE vulnerability CVE-2026-50663 by making a malicious recreation state of affairs file and tricking others into opening it. This enables a file containing malicious code to be positioned in an sudden location and doubtlessly executed.
Tip: Whether or not you retain your Home windows updated, you want correct antivirus protections in order for you your PC to stay safe and personal. Take a look at our picks for the most effective antivirus software program for Home windows in addition to greatest VPN companies to remain forward of safety issues.
This text initially appeared on our sister publication PC-WELT and was translated and localized from German.

