Help Net Security ·EN-US News source Exploited in the wildWindowsActive Directory Federation Services (ADFS)SharePoint Server
AI-driven bug hunting fuels record Microsoft Patch Tuesday
CVE Tools coverage
Microsoft addressed over 570 vulnerabilities in its July 2026 Patch Tuesday update, including two actively exploited flaws—CVE-2026-56155 and CVE-2026-56164—and one previously disclosed issue, CVE-2026-50661. Among these, CVE-2026-56164 is a critical elevation of privilege vulnerability in SharePoint Server that allows remote exploitation with low complexity. Attackers are already leveraging this flaw, prompting urgent calls for patching. Microsoft also warned about another unpatched Windows EoP vulnerability, CVE-2026-56155, which affects ADFS and is being used in real-world attacks. CISA and other agencies have emphasized the need for rapid remediation and additional hardening measures.