
MICROSOFT released its July 2026 Patch Tuesday update, addressing a staggering 622 security flaws across its product line, including two zero‑day vulnerabilities that are already being exploited in the wild.
The first of the actively exploited bugs, tracked as CVE-2026-55040, carries a CVSS score of 9.1 and describes an authentication bypass in SharePoint that lets an attacker gain unauthenticated access, a flaw highlighted in the Rapid7 analysis of the update.
The second, CVE-2026-56164, scores 5.3 on the CVSS scale and involves a missing authentication check in SharePoint Server that enables remote privilege escalation; it has been added to the CISA Known Exploited Vulnerabilities catalogue.
Although Microsoft has not linked either flaw to a specific threat actor, both vulnerabilities have been observed in active attacks, prompting federal agencies to prioritize patching under binding directives, as noted in the SecurityOnline report.
The update marks the largest Patch Tuesday in Microsoft’s history, with 416 of the addressed bugs affecting Windows components alone, a figure that analysts attribute to the growing use of artificial intelligence in vulnerability discovery, according to DarkReading.
Administrators should deploy the July patches without delay, giving precedence to the two actively exploited SharePoint issues, and consider enabling AMSI logging for SharePoint as an interim safeguard while waiting for full system updates.
Beyond this release, security teams are encouraged to adopt continuous patching practices, improve asset inventories and follow the guidance provided in the MSRC release notes to stay ahead of the rising tide of vulnerabilities.