{
"title": "Microsoft's Record 570-Patch Tuesday Closes Active AD FS, SharePoint Zero-Days — Here's What to Do",
"content": "Microsoft's July 2026 Patch Tuesday landed on July 14 with a staggering 570 security fixes, according to BleepingComputer's count—the most ever in a single monthly release. Among them are two elevation-of-privilege vulnerabilities, CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint Server, that Microsoft confirms are already being exploited by attackers. A third zero-day, a BitLocker security-feature bypass (CVE-2026-50661), was publicly disclosed before a patch was ready, though no active exploitation has been observed yet.
The Zero-Day Threats That Can't Wait
The most urgent fixes address CVE-2026-56155 and CVE-2026-56164, because attackers are using them now. Both let an attacker gain elevated privileges, but they differ in how they work and who is at risk.
CVE-2026-56155: AD FS Elevation of Privilege This flaw in Active Directory Federation Services stems from insufficiently granular access control. An attacker who already has local, authorized access—perhaps through stolen credentials or a compromised low-privilege account—can use this bug to escalate their rights on the system. Discovery is credited to Jeremy Kingston and Scott Clark of Microsoft's Detection and Response Team (DART), a detail that suggests the vulnerability was found while responding to real-world breaches. Microsoft hasn't disclosed how widespread these attacks are, but the DART involvement signals that the exploits aren't theoretical.
CVE-2026-56164: SharePoint Server Elevation of Privilege More concerning for many organizations is the SharePoint Server bug, which can be exploited over a network. A missing authentication check for a critical function means an unauthenticated remote attacker could gain elevated privileges. This vulnerability was reported by researchers from Mandiant, Google Cloud,