Microsoft’s July 2026 Patch Tuesday has made headlines by addressing over 600 security vulnerabilities, with 570 of them being newly discovered flaws across various platforms, including Windows and Office products. This update shatters previous records, surpassing June’s total of 206 vulnerabilities and bringing the year-to-date patch count to 1,380, which is already higher than the entire previous year’s figure of 1,250.
The updates come as part of a response to growing cyber threats. Among the critical vulnerabilities patched are those within the Active Directory Federation Services (ADFS), which allow attackers to gain administrator rights due to insufficient access controls. Furthermore, a significant group of 24 Remote Code Execution (RCE) vulnerabilities pose a risk as they can be exploited via email preview panes without needing the user to open files.
Key updates include:
Windows Vulnerabilities
- Over 400 vulnerabilities across Windows versions were resolved, including critical flaws in Remote Desktop Protocol (RDP) and the Hyper-V virtualization platform that could permit remote code execution.
- The high-risk EoP vulnerability identified as CVE-2026-56155 is actively being exploited.
Microsoft Office Updates
- A total of 97 vulnerabilities had been patched, including 17 critical RCE vulnerabilities. Many of these could allow exploitation through the Office preview pane.
Exchange Server and Edge Updates
- Exchange Server had four vulnerabilities patched, while Microsoft Edge saw 27 fixes related to known Chromium vulnerabilities.
Recommendations
Given the critical nature of these updates, immediate patching is highly recommended to safeguard systems against potential exploits. Users are also advised to maintain antivirus protections and stay proactive to ensure their systems remain secure.
For anyone using Windows and Office products, these updates are crucial in mitigating security risks and ensuring continued protection against evolving cyber threats.
