CVE Tools
Back to feed
SecurityWeek ·EN-US News source Exploited in the wildActive DirectorySharePoint ServerWindows VMSwitch

Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

By Ionut Arghire··2 min read
CVE Tools coverage

Microsoft has issued a record number of security patches—622 total—during its July 2026 Patch Tuesday update cycle. Among these, two critical zero-day vulnerabilities were confirmed to be exploited in the wild. These include CVE-2026-56155 affecting Active Directory Federation Services and CVE-2026-56164 impacting SharePoint Server, both enabling privilege escalation attacks. Other notable issues addressed involve Windows VMSwitch, Remote Desktop Protocol, and Exchange Server. This extensive patch release highlights the growing pace of vulnerability discovery, driven in part by AI tools like Microsoft's MDASH.