Home World USA Latin America Europe Asia Africa TV Shows Showbiz Travel Lifestyle Opinion Science Politics Health Sports Tech Entertainment Business
Tech July 15, 2026

Microsoft Releases Record-Setting July Patches to Fix 600+ Flaws

Microsoft Releases Record-Setting July Patches to Fix 600+ Flaws

July's Patch Tuesday saw Microsoft release security updates to address 570 new security vulnerabilities. This brings the total number of patches released since the start of the month to more than 620, a record-breaking number. In comparison, the previous record stood at 206 in June, and the total number of vulnerabilities patched so far this year (1,380) has already surpassed that of 2020's record-breaking year (1,250).

The next scheduled Patch Tuesday is on August 11th, 2026. A large number of the fixed vulnerabilities—over 400—are spread across the various Windows versions for which Microsoft still provides security updates (10, 11, Server). Microsoft recently extended the Windows 10 ESU program until October 12th, 2027.

One of the Windows vulnerabilities this month that's already being exploited in the wild is the high-risk Elevation of Privilege (EoP) vulnerability CVE-2026-56155 in Active Directory Federation Services (ADFS). The access controls aren't granular enough, allowing an attacker to gain administrator rights. Windows Server versions 2012 to 2025 as well as older versions of Windows 10 (1607 and 1809) are vulnerable.

Among the 413 Windows vulnerabilities addressed by Microsoft this month are 24 critical Remote Code Execution (RCE) vulnerabilities and seven critical EoP vulnerabilities. The Use-After-Free (UAF) vulnerability CVE-2026-57092 in Hyper-V's VMSwitch stands out, where a successful attacker with low privileges can gain elevated privileges on the host system from within the guest system.

The RCE vulnerability CVE-2026-56190 in Remote Desktop Protocol (RDP) can be exploited by determined attackers. By using specially crafted RDP packets, they can interact with memory that has not been properly initialized. This gives them the ability to manipulate memory in such a way that injected code can be executed.

Microsoft has fixed 97 vulnerabilities in its Office products, almost twice as many as in June. These include 17 critical RCE vulnerabilities. In most cases, the preview pane is the attack vector—a user doesn't need to actually open a file to enable a successful attack. The remaining 48 RCE vulnerabilities can be exploited if a user opens a malicious Office file in a vulnerable Office product.

In Exchange Server, Microsoft has fixed four vulnerabilities this month, and a fifth in Exchange Online. Spoofing vulnerability CVE-2026-55008, which is based on a cross-site scripting (XSS) vulnerability, allows arbitrary JavaScript code to be executed in the browser if a malicious email is opened in Outlook Web Access (OWA).

The latest security update to Edge 150.0.4078.65 is dated July 9th and based on Chromium 150.0.7871.115. It addresses 27 Chromium vulnerabilities, which aren't included in the total number of vulnerabilities fixed above.

Microsoft has already patched RCE vulnerability CVE-2026-55010 in dedicated Minecraft Bedrock servers. As a Minecraft server operator, you don't need to take any further action, says Microsoft. However, with Age of Empires II: Definitive Edition, you'll need to take action. An attacker can exploit RCE vulnerability CVE-2026-50663 by creating a malicious game scenario file and tricking others into opening it.

Share this article

UMVA MAG

UMVA Mag is your trusted source for breaking news, in-depth analysis, and compelling stories from around the world. Covering politics, business, technology, entertainment, sports, health, science, and more — we deliver journalism that matters.

Independent, Accurate, Unbiased
24/7 Breaking News Coverage
Trusted by Millions Worldwide