securityaffairs.com 7/14/2026, 10:32:09 PM · external

Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month

Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month
Developing story vulnerability 7 articles tracked
Microsoft patches record 622 vulnerabilities including two exploited zero‑days
CyberSIXT Evidence Panel
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

MICROSOFT'S July 2026 Patch Tuesday marks a historic release with 621 new CVEs, the highest in a single month. Key updates address critical vulnerabilities affecting key products like SharePoint, RDP, Hyper-V, and Active Directory Federation Services (AD FS). Significant flaws include two actively exploited zero-days and multiple critical bugs, with 63 rated as critical.

Notable vulnerabilities include CVE-2026-57092, a critical elevation of privilege in Windows VMSwitch with a CVSS score of 9.9, and two critical remote code execution vulnerabilities in SharePoint. Patching is urgent, especially for vulnerabilities that allow unauthenticated access or direct remote exploitation.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline