CVE Tools
Back to feed
The Hacker News ·EN News source Exploited in the wildSharePoint ServerActive Directory Federation ServicesBitLocker

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

By The Hacker News··6 min read
CVE Tools coverage

Microsoft issued its largest-ever Patch Tuesday update, addressing 622 vulnerabilities, including two zero-day flaws currently being exploited in the wild. The most urgent fixes address CVE-2026-56164 in SharePoint Server and CVE-2026-56155 in Active Directory Federation Services. Both allow privilege escalation and are already being used by attackers. These bugs were reported by incident response teams, indicating real-world exploitation. While neither is a high-severity remote code execution flaw, their impact on core enterprise infrastructure makes them critical to patch immediately.