
MICROSOFT released its July 2026 Patch Tuesday update, addressing a wave of SharePoint zero‑day flaws that include a critical deserialization bug now listed in CISA’s Known Exploited Vulnerabilities catalogue. Microsoft published the advisory.
Tracked as CVE-2026-58644, the flaw scores 9.8 on the CVSS scale and allows an unauthenticated attacker to send specially crafted data to a SharePoint server, triggering remote code execution. CISA added it to the KEV list after confirming active exploitation.
Also addressed were CVE-2026-56164, an elevation of privilege issue that can be exploited without authentication, CVE-2026-55040, an authentication bypass in SharePoint, and CVE-2026-56155, an ADFS elevation of privilege flaw marked as known exploited. SecurityWeek reported on the advisory.
CISA’s alert urged federal agencies to apply the patches within three days and to monitor SharePoint servers for abnormal behaviour. The agency notice highlighted the network‑based attack vector that needs no user interaction.
The July update set a record with 622 unique CVEs fixed, a number driven in part by improved detection tools that use machine learning to spot flaws earlier. Malwarebytes covered the scale of the patch release.
Administrators should prioritize installing the July patches, especially those for the KEV‑listed SharePoint vulnerabilities, then review SharePoint logs for unusual activity, rotate IIS machine keys and consider enabling AMSI as an additional hardening step. DarkReading noted the need for continuous patching strategies given the volume.