On July 14th, Microsoft released security updates addressing a staggering 622 vulnerabilities—almost three times more than the previous month. This monumental release far surpassed the former record of 206 patched vulnerabilities set in June. The sheer volume of updates poses significant challenges for IT departments worldwide, with Windows alone accounting for 416 issues, Office for 82, and the Edge browser for 46 vulnerabilities. Alarmingly, over 60 of these vulnerabilities were classified as critical.
Three Zero-Day Vulnerabilities—Two Actively Exploited
Among the updates, three zero-day vulnerabilities have emerged as particularly concerning. Two of these vulnerabilities are already being actively exploited by attackers. The first, CVE-2026-56155, affects Active Directory Federation Services (AD FS) and allows for privilege escalation. The second one, CVE-2026-56164, is found within SharePoint and similarly enables escalation of user rights.
The third zero-day vulnerability, CVE-2026-50661, bypasses BitLocker protection. While this vulnerability was publicly disclosed before the patch was released, active exploitation has not been confirmed. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has already included the SharePoint and AD FS vulnerabilities in its catalog of known exploited vulnerabilities—an urgent call for companies to apply these patches immediately.
Overview of the Most Dangerous Vulnerabilities
Beyond the zero-day exploits, several vulnerabilities stand out due to their high-risk assessments:
- CVE-2026-57092: A privilege escalation issue in VMSwitch, with a CVSS score of 9.9—the highest this month.
- CVE-2026-48561: A code execution vulnerability in Microsoft Copilot, rated at 9.6.
- CVE-2026-55040: A critical authentication vulnerability in SharePoint that could be part of a multi-stage attack.
AI as a Double-Edged Sword
The massive increase in discovered vulnerabilities is no coincidence. Microsoft is increasingly leveraging AI for bug detection. Their in-house system, known as MDASH, has been instrumental in identifying security gaps in its codebases. However, the flip side is that the more vulnerabilities are found, the greater the attack surface becomes for hackers targeting remaining weaknesses.
Just as the official patches were released, another alarm was triggered. An independent security researcher, using the pseudonym NightmareEclypse, published a proof-of-concept exploit for an unpatched vulnerability in the Windows User Profile Service. Known as HiveLegacy, this exploit allows users with low permissions to manipulate administrative registry structures. Security experts advise administrators to monitor the User Profile Service (ProfSvc) and to restrict the creation of local accounts.
Other Vendors Also Issuing Patches
The July security cycle was not solely a Microsoft affair. Other major software vendors also released updates:
- Adobe resolved 88 vulnerabilities, including a critical path traversal issue in ColdFusion.
- SAP published 16 security updates for various enterprise applications.
- Google fixed over 460 bugs in the Chromium project, impacting Microsoft Edge and other browsers.
End of Support for Legacy Products
Coinciding with the security updates, Microsoft announced the end of support for several older products. Affected products include SharePoint 2016 and 2019, Project Server 2016 and 2019, Dynamics GP 2016, and SharePoint Designer 2013. Organizations still using these products should urgently migrate to supported versions to avoid unpatched security risks.

