TL;DR
- Today’s Microsoft Patch Tuesday release includes 570 CVEs (record breaking), with two zero-days and one publicly disclosed additional zero-day vulnerability
- There were 143 Remote Code Execution CVEs, and 34% of those have ‘Critical’ impact
- We recommend prioritizing patching for the three identified zero-days immediately
It’s mid-summer—the time of year that the heat waves are here and the ice cream consumption is at an all-time high. It’s also prime time for World Cup soccer, which may be a time of joy or anguish depending on who you root for (don’t worry, both can be treated with ice cream). While many IT professionals are burning their vacation hours, Microsoft decided to turn up heat with their CVE volume. Welcome to Patch Tuesday.
| CVE ID | Affects | Affected versions | CVSS | Description |
|---|---|---|---|---|
|
CVE-2026-56155 |
Active Directory Federation Services (AD FS) | 15 total
Windows 10 (4 versions) Windows Servers (11 versions) |
7.8 | Can be exploited for administrator privileges |
|
CVE-2026-50661 |
Windows BitLocker | 23 total
Windows 10 (10 versions) Windows 11 (6 versions) Windows Servers (7 versions) |
6.1 | Can bypass security features with physical attack |
|
CVE-2026-56164 |
Microsoft SharePoint | 3 total
Windows Servers (2 versions) Subscription (1 version) |
5.3 | Missing authentication allows unauthorized privilege elevation |
|
CVE-2026-55008 |
Microsoft Exchange Server | 4 total
Windows Servers (3 versions) Subscription (1 version) |
9.6 | Cross-site scripting allows network spoofing |
Patch Tuesday: July 14, 2026
Today’s release includes 570 CVEs, including fixes for three zero-day vulnerabilities. Here are the CVEs we think are deserving of your attention first:
- Active Directory Federation Services Elevation of Privilege Vulnerability (CVE-2026-56155): This CVE has already seen active exploitation. Attackers could locally leverage this vulnerability to gain admin privileges. This CVE impacts multiple server versions reaching back to 2012. Prioritize remediation to prevent exploit risk.
- Windows BitLocker Security Feature Bypass Vulnerability (CVE-2026-50661): This CVE has more of a spy movie script, as attackers must have physical access to the asset. Although unlikely, it was released as a zero-day, and so we recommend remediation prioritization for the 23 KB articles to address asset risk.
- Microsoft SharePoint Server Elevation of Privilege Vulnerability (CVE-2026-56164): This vulnerability is remotely exploitable and active exploitation has been identified. Attackers could exploit this weakness remotely to gain elevated privileges.This vulnerability can be remediated through the subscription edition or onsite server.
- Microsoft Exchange Server Spoofing Vulnerability (CVE-2026-55008): The credential compromise risk via phishing has been a longstanding issue. In this Outlook Web Access weakness, an attacker exploits a user by sending a specifically crafted malicious email, and if the unsuspecting user opens and interacts, a Javascript execution could occur. The vulnerability can also be remediated via a subscription edition or the onsite server.
That’s it for this month. Questions? Reach out to your Expel representative or contact us here.
