SecurityWeek ·EN-US News source Exploited in the wildActive DirectorySharePoint ServerWindows VMSwitch
Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
CVE Tools coverage
Microsoft has issued a record number of security patches—622 total—during its July 2026 Patch Tuesday update cycle. Among these, two critical zero-day vulnerabilities were confirmed to be exploited in the wild. These include CVE-2026-56155 affecting Active Directory Federation Services and CVE-2026-56164 impacting SharePoint Server, both enabling privilege escalation attacks. Other notable issues addressed involve Windows VMSwitch, Remote Desktop Protocol, and Exchange Server. This extensive patch release highlights the growing pace of vulnerability discovery, driven in part by AI tools like Microsoft's MDASH.