Skip to main content

Microsoft Releases July 2026 Security Updates

Scheduled updates for Microsoft products address 622 vulnerabilities

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products address 622 vulnerabilities


Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

Multiple other Microsoft platforms. Please see Microsoft's July 2026 Security Updates guide for full details. 

Threat details

Exploitation of CVE-2026-56164 and CVE-2026-56155

Microsoft states that exploitation of CVE-2026-56164 and CVE-2026-56155 has been detected. NHS England National CSOC assess that future exploitation is highly likely.


Introduction

Microsoft has released security updates to address 622 vulnerabilities in Microsoft products, including the 4 vulnerabilities highlighted below.

  • CVE-2026-56164 - a privilege escalation vulnerability with a CVSSv3 score of 5.3, arising from missing authentication in Microsoft Office SharePoint.
  • CVE-2026-56155 - a privilege escalation vulnerability with a CVSSv3 score of 7.8, arising from insufficient granularity of access control in Active Directory Federation Services.
  • CVE-2026-50661 - a security feature bypass vulnerability with a CVSSv3 score of 6.1, arising from a protection mechanism failure in Windows BitLocker. 
  • CVE-2026-55040 - a security feature bypass vulnerability with a CVSSv3 score of 9.1, arising from weak authentication in Microsoft Office SharePoint

SharePoint Server 2016 and 2019 are no longer supported

As of 14 July 2026, Microsoft's extended support for SharePoint Server 2016 and SharePoint Server 2019 has come to an end, therefore these products are now unsupported by Microsoft. Organisations are encouraged to switch to a supported version.


Remediation advice

Affected organisations are encouraged to review Microsoft's July 2026 Security Updates and apply the relevant updates as soon as possible.



Last edited: 15 July 2026 1:15 pm