Microsoft Releases July 2026 Security Updates
Scheduled updates for Microsoft products address 622 vulnerabilities
Summary
Scheduled updates for Microsoft products address 622 vulnerabilities
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Multiple other Microsoft platforms. Please see Microsoft's July 2026 Security Updates guide for full details.
Threat details
Exploitation of CVE-2026-56164 and CVE-2026-56155
Microsoft states that exploitation of CVE-2026-56164 and CVE-2026-56155 has been detected. NHS England National CSOC assess that future exploitation is highly likely.
Introduction
Microsoft has released security updates to address 622 vulnerabilities in Microsoft products, including the 4 vulnerabilities highlighted below.
- CVE-2026-56164 - a privilege escalation vulnerability with a CVSSv3 score of 5.3, arising from missing authentication in Microsoft Office SharePoint.
- CVE-2026-56155 - a privilege escalation vulnerability with a CVSSv3 score of 7.8, arising from insufficient granularity of access control in Active Directory Federation Services.
- CVE-2026-50661 - a security feature bypass vulnerability with a CVSSv3 score of 6.1, arising from a protection mechanism failure in Windows BitLocker.
- CVE-2026-55040 - a security feature bypass vulnerability with a CVSSv3 score of 9.1, arising from weak authentication in Microsoft Office SharePoint
SharePoint Server 2016 and 2019 are no longer supported
As of 14 July 2026, Microsoft's extended support for SharePoint Server 2016 and SharePoint Server 2019 has come to an end, therefore these products are now unsupported by Microsoft. Organisations are encouraged to switch to a supported version.
Remediation advice
Affected organisations are encouraged to review Microsoft's July 2026 Security Updates and apply the relevant updates as soon as possible.
Definitive source of threat updates
- https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50661
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55040
CVE Vulnerabilities
Last edited: 15 July 2026 1:15 pm