IN July 2026, Microsoft published 622 vulnerabilities, a record 416 of which are for Windows. Among the critical vulnerabilities are two exploited in the wild: CVE-2026-55040, an authentication bypass in SharePoint, and CVE-2026-56164, an elevation of privilege issue also in SharePoint. The release sees a trend of increasing vulnerability reports, with Microsoft changing its update documentation approach.
New vulnerabilities include those affecting Active Directory, DHCP, and several applications like Microsoft Exchange and SharePoint, signaling a notable rise in exploitation likelihood.