MICROSOFT'S July 2026 Patch Tuesday marks a historic release with 621 new CVEs, the highest in a single month. Key updates address critical vulnerabilities affecting key products like SharePoint, RDP, Hyper-V, and Active Directory Federation Services (AD FS). Significant flaws include two actively exploited zero-days and multiple critical bugs, with 63 rated as critical.
Notable vulnerabilities include CVE-2026-57092, a critical elevation of privilege in Windows VMSwitch with a CVSS score of 9.9, and two critical remote code execution vulnerabilities in SharePoint. Patching is urgent, especially for vulnerabilities that allow unauthenticated access or direct remote exploitation.