Microsoft’s July Patch Tuesday Unveils Critical Exploits Amidst 622 Vulnerabilities

Published:

spot_img

Microsoft’s July Patch Tuesday Unveils Critical Exploits Amidst 622 Vulnerabilities

Microsoft’s recent Patch Tuesday has revealed significant vulnerabilities, with two of them already being exploited in the wild. These vulnerabilities are included in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) list, highlighting their urgency. Additionally, there has been public disclosure regarding another vulnerability, underscoring the importance of immediate attention from IT departments and cybersecurity professionals.

As is customary, vulnerabilities related to web browsers are not counted in the Patch Tuesday totals. This month, Microsoft has streamlined its Security Update Guide, moving away from listing individual vulnerabilities to providing a summary table that categorizes vulnerabilities by product family. This shift reflects a broader industry trend of increasing vulnerability disclosures, which often leads to a corresponding rise in the release of remediation efforts.

Critical Vulnerabilities in Microsoft SharePoint

Among the critical vulnerabilities disclosed this month is CVE-2026-55040, an authentication bypass issue in Microsoft SharePoint. Discovered by Stephen Fewer, a senior principal security researcher at Rapid7, this vulnerability is particularly concerning as it can be exploited to achieve unauthenticated remote code execution when combined with another vulnerability. Patches for SharePoint Server Subscription Edition, as well as versions 2019 and 2016, are now available. However, the second vulnerability in this exploit chain remains embargoed, with Microsoft expected to address it in the upcoming August Patch Tuesday.

Microsoft has also acknowledged ongoing exploitation of CVE-2026-56164, which allows attackers to elevate privileges over a network without requiring prior access. Despite a relatively low CVSS v3 base score of 5.3, Microsoft has rated this vulnerability as “Important,” indicating its potential severity.

Evolving Landscape of Vulnerability Reporting

The Patch Tuesday process has undergone notable changes in 2026, marked by an increase in vulnerability reporting and discovery. The emergence of vulnerabilities disclosed in a manner designed to maximize impact has posed new challenges for Microsoft. One such example is the recent disclosure by the pseudonymous researcher Nightmare Eclipse, who released a Defender elevation of privilege vulnerability shortly after the June Patch Tuesday. This vulnerability, identified as CVE-2026-50656, has been dubbed “RoguePlanet” and has raised concerns about the potential for disk exhaustion attacks.

In addition, a new proof of concept for another vulnerability, nicknamed LegacyHive, has surfaced, which appears to allow non-privileged users to access another user’s hive. This trend of escalating vulnerabilities necessitates heightened vigilance from cybersecurity teams.

Impact on Microsoft BitLocker and Active Directory

Today’s updates also include patches for Microsoft BitLocker, addressing a known security feature bypass vulnerability. The advisory for CVE-2026-50661 indicates that unauthorized attackers with physical access to a machine can bypass BitLocker protections. While Microsoft has not confirmed the specifics, it is believed that this patch addresses the “GreatXML” vulnerability disclosed by Nightmare Eclipse shortly after the previous Patch Tuesday.

Active Directory administrators should take note of the emergence of CVE-2026-56155, which has been exploited in the wild and allows authorized attackers to elevate privileges locally within Active Directory Federation Services. Alongside this, eight other vulnerabilities in Active Directory Federation Services have been published, all rated as “Important” on Microsoft’s severity scale.

Expanding Vulnerabilities in Software and Gaming

Interestingly, this month also marks the inclusion of vulnerabilities in software related to gaming, with the popular title Age of Empires II: Definitive Edition now listed among the affected products. The vulnerability identified as CVE-2026-50663 allows attackers to execute code by placing malicious files in unexpected locations when users open compromised game scenario files.

As Microsoft approaches significant product lifecycle changes in mid-July, the implications for organizations relying on older software versions are considerable. SQL Server 2016 will transition into a pay-to-play Extended Security Updates (ESU) phase, while SQL Server 2014 will enter its final year of ESU. Similarly, SharePoint Server versions 2016 and 2019 will reach their extended end date, leaving SharePoint Subscription Edition as the only fully supported self-hosted option.

In summary, the July Patch Tuesday highlights the critical need for organizations to remain vigilant in their cybersecurity practices. The ongoing evolution of vulnerabilities and the increasing complexity of their exploitation underscore the importance of timely updates and proactive security measures.

Source: www.cyberdaily.au

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

Australia-India PACTS Advances Cybersecurity and Technology Cooperation

Australia-India PACTS Advances cybersecurity and Technology Cooperation Australia and India have launched the Australia-India Partnership on Cyber, Critical Technologies, and Supply Chains (PACTS), a strategic...

Enshi Suobuya Stone Forest Boosts Cultural Experiences for Southeast Asian Tourists

Enshi Suobuya Stone Forest Boosts Cultural Experiences for Southeast Asian Tourists ENSHI, CHINA - As China continues to refine its inbound visa-free policies, the Suobuya...

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure In a significant development in the fight against cybercrime, three Russian nationals have been indicted...

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect In recent years, the Middle East has emerged as a pivotal hub for global...