July 2026 Patch Tuesday fixes 622 Microsoft CVEs, including three zero-days

| July 15, 2026
Microsoft

Just one month ago, June 2026 Patch Tuesday broke Microsoft’s previous record with 206 CVEs and three zero‑days. July now triples that count, reinforcing that the era of “small” Patch Tuesdays may be over as AI‑driven vulnerability discovery ramps up.

The update includes 59 critical vulnerabilities, as well as three publicly disclosed zero-days. Microsoft classifies these as zero-days because information about the vulnerabilities became public before patches were available. Two are known to be actively exploited by attackers.

How to apply patches and check if you’re protected

These updates fix security problems and keep your Windows PC protected. Here’s how to make sure you’re up to date:

1. Open Settings

  • Click the Start button, then open Settings.

2. Go to Windows Update

  • Select Windows Update (usually at the bottom of the menu on the left).

3. Check for updates

  • Click Check for updates. Windows will search for the latest security updates.
  • If you’ve enabled Get the latest updates as soon as they’re available under More options, you may be prompted to restart immediately. If so, restart your computer to complete the update. Otherwise, continue to the next step.
    Windows Update History for July 2026

4. Download and install

  • If updates are available, they’ll start downloading automatically. When they’re ready, click Install or Restart now if prompted. Your computer may need a restart to finish the update.

5. Double-check you’re up to date

  • After restarting, go back to Windows Update and check again. If it says You’re up to date, you’re all set.
Windows is up to date

Technical details

Let’s look at the three zero-days.

First is a Windows BitLocker security feature bypass vulnerability, tracked as CVE-2026-50661. It is not known to be actively exploited. Microsoft describes it as:

“Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.”

In other words, even if you’ve encrypted your machine with BitLocker, an attacker could exploit this vulnerability to access your data if they have physical access to your computer.

Next is the actively exploited CVE-2026-56155, an Active Directory Federation Services (ADFS) elevation of privilege (EoP) vulnerability. ADFS is a Microsoft software component that provides single sign-on (SSO) and federated access. It acts as a trust broker between an organization’s Active Directory and applications. An attacker who successfully exploited this vulnerability could gain administrator privileges. Reportedly, Microsoft discovered the vulnerability while investigating active attacks.

Last but not least is CVE-2026-56164, a Microsoft SharePoint Server elevation of privilege vulnerability. SharePoint Server is the on-premises version of Microsoft’s web-based collaboration and document management platform. A missing authentication check in Microsoft Office SharePoint could allow an attacker to elevate privileges over a network.

Both actively exploited vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog, which sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies. CISA has also urged organizations using SharePoint Server to implement hardening measures after the latest exploitations.


CNET Editors' Choice Award 2026

According to CNET. Read their review


About the author

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.