• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
TechTrendFeed
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
TechTrendFeed
No Result
View All Result

Microsoft Patches Document 622 Flaws, Together with Two Zero-Days Beneath Lively Assault

Admin by Admin
July 15, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Microsoft shipped its largest Patch Tuesday on document immediately, and two of the fixes shut holes that attackers are already exploiting. The discharge covers 622 of Microsoft’s personal CVEs by its Safety Replace Information rely, greater than triple June’s earlier excessive of round 200.

These two stay bugs are those to seize first. Microsoft credit incident responders for each. Each are elevation-of-privilege flaws in identification and collaboration infrastructure: CVE-2026-56164 in on-premises SharePoint Server and CVE-2026-56155 in Lively Listing Federation Providers.

Neither is without doubt one of the splashy distant code execution criticals. They’re privilege bugs in two techniques that matter greater than their scores recommend: the corporate doc retailer, and the field that indicators its logins.

The 2 zero-days to patch first

CVE-2026-56164, a SharePoint Server flaw Microsoft says is being exploited in assaults, lets an unauthenticated attacker escalate privileges over the community. No credentials, no consumer interplay, distant. Microsoft credited it to Mandiant’s incident responders and Google’s FLARE group, which factors to discovery inside lively assaults, although Microsoft has not stated the way it was exploited or by whom.

When you run self-hosted SharePoint, that is the one to seize first, and there’s a second clock on it: immediately can be the day SharePoint Server 2016 and 2019 attain the tip of prolonged assist. In contrast to Home windows Server or SQL Server, neither has a paid ESU program to fall again on.

Past patching, Microsoft’s advisory notes that enabling AMSI in Full Mode on the server blunts the assault. SharePoint has been an attacker magnet for the reason that ToolShell chain tore by unpatched servers in 2025, and it has not stopped being one.

CVE-2026-56155, an Lively Listing Federation Providers flaw Microsoft additionally flags as exploited, lets an already-authenticated attacker elevate privileges regionally by weak entry controls. Microsoft’s personal DART incident-response unit will get the credit score.

AD FS is the field that indicators the tokens for the remainder of the property trusts, which is why a flaw labeled “native” on that host is value extra consideration than the label suggests. Microsoft has not stated what privileges it grants, or how attackers used it.

Value figuring out for anybody monitoring remediation deadlines: neither CVE is on CISA’s Recognized Exploited Vulnerabilities catalog as of this writing. Microsoft’s personal exploitability ranking already marks each as exploited. Don’t await a KEV itemizing to make it official.

Microsoft additionally charges the SharePoint bug pretty low on severity, which is an effective reminder that the severity label will not be the factor to kind by this month.

A 3rd bug, and a SharePoint chain touchdown in August

The third zero-day was publicly disclosed however will not be underneath assault: CVE-2026-50661, one other BitLocker bypass. It wants bodily entry to the machine, so it isn’t a distant emergency. Patch it, nevertheless it doesn’t leap the queue. It continues a run of BitLocker bypasses stretching again by bitskrieg and YellowKey earlier this 12 months.

SharePoint drew a second notable repair. Rapid7 Labs disclosed CVE-2026-55040, a JWT authentication bypass they constructed for his or her Pwn2Own Berlin entry. The rating will depend on who you ask: Rapid7 places it at 5.3 and says Microsoft assigned it medium severity, whereas ZDI reads the discharge as Important at 9.1.

What it does will not be in dispute. Rapid7 chained it to a separate distant code execution bug to achieve unauthenticated RCE towards a susceptible server, and the RCE half will not be patched but; Microsoft is slated to repair it in August.

That makes July bypass the repair that breaks the chain. A four-point unfold on one bug additionally tells you what a severity quantity is value this month.

The RC4 cleanup that may break logins

This replace additionally finishes Microsoft’s multi-year Kerberos RC4 hardening. The July rollout removes the RC4DefaultDisablementPhase rollback change, the escape hatch admins have leaned on since Microsoft started the crackdown in January.

After this, RC4 works just for accounts explicitly configured to permit it. If any service account in your surroundings nonetheless requests RC4 Kerberos tickets, it might probably fail authentication the second the replace lands.

The order issues: audit first, utilizing the RC4 audit occasions Microsoft added in January, then rotate the passwords on flagged service accounts, so Home windows generates AES keys for them, then patch. Rotation solely fixes accounts lacking AES keys.

Something pinned to RC4 by configuration, or a legacy consumer that speaks nothing else, wants its personal repair earlier than the replace lands. This one doesn’t get you breached; it breaks issues, however it would web page you at 2am if you happen to skip the audit.

Why a quiet month set a document

July is traditionally one of many lightest months on Microsoft’s calendar, which makes a launch this dimension stand out. Home windows alone accounts for 416 of the 622, and ZDI counts 95 distant code execution bugs throughout the discharge.

Right here is the place the remainder sits, and what’s value pulling out of every pile:

Product household CVEs Value pulling out
Home windows 416 Each the AD FS zero-day (CVE-2026-56155) and the disclosed BitLocker bypass (CVE-2026-50661) stay right here. High rating of the discharge is a VMSwitch RCE, CVE-2026-57092 at 9.9. Additionally 5 DHCP RCEs, and 21 NTFS and ReFS driver bugs that ZDI reads as one shared root trigger.
Workplace 82 Counted as soon as. Microsoft lists the identical 82 once more underneath a separate Workplace 2016 observe, which is why some retailers report 164.
Microsoft Edge 46 ZDI counts 21 as Microsoft’s personal fairly than Chromium re-listings.
Developer Instruments 27 Safety function bypasses throughout Visible Studio, VS Code, and GitHub Copilot, principally injection and path traversal.
SharePoint Server 17 The exploited zero-day (CVE-2026-56164) and Rapid7’s chain bypass (CVE-2026-55040), plus a Important RCE pair together with CVE-2026-50522 at 9.8.
Azure 11 Nothing flagged as pressing.
SQL Server 8 An RCE pair, CVE-2026-54117 and CVE-2026-54118, each 8.8.
Defender 5 Two Important RCEs.
Trade Server 5 A saved XSS in Outlook Net Entry, CVE-2026-55008, at 9.6. Microsoft information it underneath spoofing, which undersells it.
Different 5 Nothing flagged as pressing.

Counts are from Microsoft’s Safety Replace Information, which totals 622 distinctive CVEs this month. ZDI, counting independently, landed on 621, and its July overview is the supply for the per-family callouts.

Microsoft referred to as this one 5 days early. In a July 9 publish, it informed prospects to anticipate a “increased quantity of safety updates included in every safety launch” as AI helps it uncover extra points. That work consists of MDASH, its multi-model agentic scanning system, which discovered 16 of the bugs in Could’s Patch Tuesday by itself. Microsoft has not stated what number of of July’s 622 got here out of that pipeline.

The identical automation cuts each methods. As soon as a patch ships, attackers can diff it towards the final construct, discover the bug it closes, and construct a working exploit earlier than most retailers have completed testing. That eats the outdated “wait every week” cushion and shrinks the hole to Exploit Wednesday.

It additionally guts CVSS-based triage. When a launch carries 600-plus CVEs and a big share are rated Excessive or Important, “vital” stops sorting something. This month’s two exploited bugs make the purpose: neither is a headline 9.8, each are mid-tier privilege flaws, and each are already in use.

Kind by what’s being exploited, utilizing KEV, EPSS, and Microsoft’s exploited flag, not by rating, and patch sooner than you used to. The quantity on the field is barely going up.

Tags: ActiveAttackFlawsIncludingMicrosoftPatchesRecordZeroDays
Admin

Admin

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending.

Ideas on Streaming Companies: 2024 Version

Ideas on Streaming Companies: 2024 Version

June 16, 2025
Enterprise-grade pure language to SQL era utilizing LLMs: Balancing accuracy, latency, and scale

Enterprise-grade pure language to SQL era utilizing LLMs: Balancing accuracy, latency, and scale

April 27, 2025
5 Strategic Steps to a Seamless AI Integration

5 Strategic Steps to a Seamless AI Integration

September 16, 2025
The Obtain: introducing the ten Issues That Matter in AI Proper Now

The Obtain: introducing the ten Issues That Matter in AI Proper Now

April 23, 2026
Drive Enterprise Progress with Skilled Odoo ERP Consulting

Drive Enterprise Progress with Skilled Odoo ERP Consulting

May 3, 2025

TechTrendFeed

Welcome to TechTrendFeed, your go-to source for the latest news and insights from the world of technology. Our mission is to bring you the most relevant and up-to-date information on everything tech-related, from machine learning and artificial intelligence to cybersecurity, gaming, and the exciting world of smart home technology and IoT.

Categories

  • Cybersecurity
  • Gaming
  • Machine Learning
  • Smart Home & IoT
  • Software
  • Tech News

Recent News

Microsoft Patches Document 622 Flaws, Together with Two Zero-Days Beneath Lively Assault

Microsoft Patches Document 622 Flaws, Together with Two Zero-Days Beneath Lively Assault

July 15, 2026
Can AI construct a jet engine? JARVIS Problem exams position of AI copilots in tough-tech engineering | MIT Information

Can AI construct a jet engine? JARVIS Problem exams position of AI copilots in tough-tech engineering | MIT Information

July 15, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://techtrendfeed.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT

© 2025 https://techtrendfeed.com/ - All Rights Reserved