The Hacker News ·EN News source Exploited in the wildSharePoint ServerActive Directory Federation ServicesBitLocker
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
CVE Tools coverage
Microsoft issued its largest-ever Patch Tuesday update, addressing 622 vulnerabilities, including two zero-day flaws currently being exploited in the wild. The most urgent fixes address CVE-2026-56164 in SharePoint Server and CVE-2026-56155 in Active Directory Federation Services. Both allow privilege escalation and are already being used by attackers. These bugs were reported by incident response teams, indicating real-world exploitation. While neither is a high-severity remote code execution flaw, their impact on core enterprise infrastructure makes them critical to patch immediately.