Otto  background

570 CVEs, two exploited zero-days, and the network bugs to patch tonight

Patch [Fix] Tuesday: July 2026

Connect With Us

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Microsoft shipped 570 CVEs this July. This is the largest Patch Tuesday on record, and it isn't a near miss on the old high mark. It's closer to triple a heavy month than double one. Last year's record is gone.

Almost none of it gets absorbed on Microsoft's side. Of the 570 CVEs, 569 require customer action. The load concentrates in core Windows and Office: the kernel, Excel, NTFS, and SharePoint carry the largest counts. This isn't a release where a browser or cloud-side fix quietly clears most of the list. What lands on your endpoints is most of it.

CVE-2026-56155 [Exploited]

Active Directory Federation Services elevation of privilege vulnerability

CVE-2026-56155 goes first for one reason: it's the bug in this release Microsoft is flagging as already exploited. Until the patch dropped, it was a zero-day. On paper it's a 7.8, lower than most of what follows, and that's exactly the trap. The score understates it.

The flaw is insufficient granularity of access control in Active Directory Federation Services (ADFS). A local attacker uses it to gain administrator privileges. ADFS handles authentication for any network that runs it, which makes local admin on that box close to a worst case. It's admin rights on the machine that mints admin tokens. Once an attacker has a foothold on the initial host, this is the next step toward moving laterally. It puts them within reach of network takeover.

The offensive read tracks. Any AD escalation with an authentication angle gets documented, reused, and carried for years, whatever the CVSS says. Detections for it are often not in place, which is how an attacker sits in the environment exercising this while going unnoticed. The old comfort of catching an intruder a few steps in, well before they reach the domain, rarely holds.

How attackers may exploit this vulnerability

  • An attacker who already has a local foothold on the ADFS host uses the access-control flaw to escalate to administrator.

  • With admin on the identity infrastructure, the next move is lateral: minting or abusing tokens to reach whatever the environment trusts ADFS to authenticate.

  • It's under active exploitation, so treat any exposure as a live path, not a theoretical one.

What to look out for

  • Unexpected privilege changes or new administrative activity on ADFS servers.

  • Authentication events that don't match normal token issuance patterns.

  • Gaps in your own detection coverage for AD escalation. Most teams have no alerting tuned for it, which is how it stays quiet.

Mitigation guidance

  • Patch it first, ahead of the higher-scoring bugs below. Active exploitation outranks a bigger number.

  • Treat ADFS as tier-zero identity infrastructure and review who can reach it locally.

  • Once the initial box is patched, walk the rest of your identity path. A privilege escalation like this is the second step in a chain, not the whole attack.

CVE-2026-49181 [Important]

Windows DHCP client elevation of privilege vulnerability

CVE-2026-49181 is a 7.5 integer underflow in the Windows DHCP client, and successful exploitation gets an attacker SYSTEM. The word to underline is client.

Most teams babysit the DHCP server because it feels like infrastructure. The client rarely gets the same controls. A DHCP client is any endpoint that talks to DHCP, which is effectively all of them. From the attacker's side, this is enabling capability more than an initial-access vector: a way to redirect traffic to a resource you control once you're already inside, then use that foothold to work on the next box.

How attackers may exploit this vulnerability

  • An attacker on the local network manipulates DHCP client handling to gain SYSTEM on a target endpoint.

  • The value is lateral movement and traffic redirection, sending a client to a malicious or hijacked internal resource, not first entry.

  • Because it targets the client, every endpoint is in scope, not just the servers a team watches closely.

What to look out for

  • Endpoints pulling configuration from unexpected DHCP sources.

  • Traffic redirected toward internal hosts that have no business serving it.

  • Unmanaged and bring-your-own-device endpoints that talk to DHCP but fall outside normal patch coverage.

Mitigation guidance

  • Patch every endpoint, not just servers. A client-side bug leaves a half-patched fleet exposed.

  • Fold bring-your-own-device endpoints into the same remediation pass.

  • New bugs in a protocol this old are rare, so treat a high-rated one as worth a real look rather than a routine client update.

CVE-2026-56190 [Important]

Remote Desktop Protocol remote code execution vulnerability

CVE-2026-56190 is a 9.8 in RDP, another protocol that's been beaten on for decades and still produces serious bugs. This one is a use of uninitialized memory. Craft the right RDP traffic, corrupt memory, and potentially get code execution. It's probably hard to exploit in practice. That's not the kind of bug that drives mass exploitation or drive-by campaigns, so most data-extortion crews will pass on it.

This one comes with a free fix. It's only exploitable when Network Level Authentication (NLA) is off. Turn NLA on and you close the pre-auth path entirely, with no scramble to patch. That's one setting, and it's worth enforcing rather than assuming. Better still, RDP shouldn't face the public internet at all. The trouble is that "surely nobody exposed RDP" is a bad bet. Check Shodan and the answer is always worse than you'd like.

How attackers may exploit this vulnerability

  • An attacker sends crafted RDP traffic to a system where NLA is disabled and corrupts uninitialized memory to run code.

  • With NLA enforced, the pre-authentication path closes and the bug is out of reach.

  • Internet-facing RDP turns a hard-to-exploit bug into a target worth the effort.

What to look out for

  • RDP listeners reachable from the public internet, especially ones nobody remembers standing up.

  • Hosts where NLA is disabled or inconsistently enforced.

  • RDP connection attempts from unexpected sources against management endpoints.

Mitigation guidance

  • Enforce NLA across the fleet. It's the free fix, and it needs to be enforced, not assumed.

  • Keep RDP behind a jump box and off the public internet.

  • Patch as normal, but treat the NLA setting as the immediate control.

CVE-2026-56164 [Exploited]

Microsoft SharePoint Server elevation of privilege vulnerability

CVE-2026-56164 is the second bug in this release Microsoft is flagging as already exploited, and it's the one most triage queues will bury. The score is a 5.3, Moderate severity, the kind of number that gets sorted behind everything with a 9 in front of it. Microsoft's own exploitability assessment says otherwise: exploitation detected.

The flaw is missing authentication for a critical function in SharePoint. An unauthorized attacker reaches that function over the network, with no credentials and no user interaction required, and comes out with elevated privileges. That's a materially different bar than the SharePoint RCE covered next, which needs at least a site-owner login. Pair an unauthenticated privilege gain with a deserialization bug that only needs site-owner access. The two stop looking like separate line items and start looking like adjacent stops on the same path.

How attackers may exploit this vulnerability

  • An unauthenticated attacker reaches the vulnerable SharePoint function directly over the network and exploits the missing authentication check to gain elevated privileges.

  • No credentials and no user interaction are required, which puts any internet-facing SharePoint instance in scope.

  • The privilege gained here is a plausible stepping stone into the site-owner-level access the SharePoint RCE below requires.

What to look out for

  • Requests hitting SharePoint functions that should require authentication but show no corresponding login event.

  • New or modified site permissions that don't trace back to an admin action.

  • Any SharePoint anomaly this month deserves a second look. Two separate bugs in the same product are already confirmed under active exploitation.

Mitigation guidance

  • Patch this alongside the ADFS bug. Active exploitation, not CVSS, sets the patching order.

  • Don't let the 5.3 talk you out of prioritizing it. Moderate severity and active exploitation are not the same thing.

  • Audit site-owner and elevated-permission grants after patching, in case the access gained here was already used to create one.

CVE-2026-50522 [Critical]

Microsoft SharePoint remote code execution vulnerability

CVE-2026-50522 is a 9.8 remote code execution bug in SharePoint, and SharePoint is a box people deliberately put on the internet. That's not hypothetical exposure. On-prem SharePoint got chained and mass-exploited last year, so treat this as a repeat of a pattern you've already watched play out.

The mechanism is deserialization of untrusted data. The server pulls data out of a request and rebuilds it into a live object in memory. Craft that data carefully enough and you make it build something that runs your code instead. Exploitation needs authentication, but only as a site owner. Organizations hand out site owner constantly. So patching is step one, and reevaluating who holds that permission is step two. This is a least-privilege problem as much as a patching one. Pair it with the exploited elevation bug above, and the site-owner requirement stops being much of a barrier.

Perception is what makes SharePoint worse than its score suggests. People treat it as low risk, reach it from home and personal endpoints, and rarely register that it usually has backend connections into a surprising number of sensitive systems. One exploited site owner can turn into control of all of SharePoint, and from there into everything SharePoint touches.

CVE-2026-57092 [Critical]

Windows VMSwitch elevation of privilege vulnerability

CVE-2026-57092 is a 9.9, the highest score in the release, and it's a use-after-free in the Hyper-V virtual switch. The payoff is a guest breaking out to the host: one compromised VM taking over the box it runs on, and every other guest with it. If you run a distributed or multi-tenant virtualization environment, patch this. A single foothold in one VM should not become the whole hypervisor.

CVE-2026-50661 [Important]

Windows BitLocker security feature bypass vulnerability

CVE-2026-50661 scores a 6.1, low because it takes physical access, and that low number is doing a lot of work to make this look unimportant. Physical access to the endpoint gets an attacker past full-disk encryption and at the data underneath, which blows a hole in your data-at-rest protection.

Physical access sounds like a movie plot until you count lost and stolen laptops, which happen more often than teams plan for, especially with work from home. People travel with laptops, run them through airports, and pack them in checked bags. Most laptop thieves want the hardware rather than your BitLocker keys, but you can't count on that. For anyone with a compliance regime built on data-at-rest encryption, which in 2026 is nearly everyone, this needs handling quickly. Don't let a 6.1 talk you out of it.

Apple: another WebKit month

Apple shipped Tahoe 26.5.2 on June 29, right before the holiday. Almost all of it is the browser stack: WebKit. Parsing is hard, and WebKit runs through the entire Apple ecosystem on desktop and mobile. It's also the cleanest way onto a macOS, iOS, or iPadOS endpoint, so bugs keep falling out of it.

The exposure isn't only "I browsed to a bad site." A WebKit bug can trigger from a malicious iMessage or something similar, with no risky click involved. Researchers hammer WebKit this hard because it's where the spyware money is. These vulnerabilities sell for real sums, with nation-states among the buyers evaluating them. Push Tahoe 26.5.2 across your Mac fleet.

Linux: Dirty Clone and the copy-fail family

Linux this month is almost entirely local privilege escalation, and that framing matters before anyone tunes out. These are bugs where an attacker already needs a foot in the door: a local account, a container, a tenant on a shared box, a Kubernetes node. They rank below the Windows network bugs above, and they still need patching. Getting local is often easier than teams assume, especially under an assumed-compromise model or during routine internal testing.

The name to know is Dirty Clone. It's the latest in the copy-fail generation of bug. The kernel shares memory with a file and marks it read-only, and a trick gets around that protection. The family started with Copy-Fail in April, ran through Dirty Frag and its Fragnesia variant, which we covered on May's Patch Fix Tuesday, and now includes Dirty Clone. The family isn't done. Expect more variants over the next few months.

Old code isn't safe code. It's code nobody's looked at recently. AI makes reviewing decades of it fast and cheap, so the supply of these long-dormant bugs is going up, not down.

The record has a cause

A release this large doesn't happen on its own.

Agentic AI is doing more of the work than the CVE notes admit. Only a handful of entries carry an explicit note that AI helped find them, and that's almost certainly a heavy undercount. AI is part of most research workflows now, so it rarely gets called out unless the finding came from a frontier lab or a company built around AI-driven discovery. Far more than the labeled few likely had help. You don't approach triple a previous record without it. The model rarely does the whole job. More often it makes a researcher faster: here's the rough shape of a suspected bug, now validate it in a fraction of the time it would take by hand.

The calendar is the other push. Black Hat and DEF CON are weeks away, and researchers who want to disclose responsibly report to the vendor ahead of the talk rather than on stage. That front-loads July and August every year. The pre-Vegas push has a snowball effect of its own, surfacing whole classes of bugs a vendor then has to unpack. Stack that against the AI-driven boost and the curve stops looking like steady growth. It starts looking exponential.

Frontier-paced governance, in practice

A release you can't triage by hand is the argument for automation, made in one month. Nobody reviews a list this size manually and patches in time. Think about risk categorically instead of one CVE at a time. The goal isn't to be risk-averse. It's to be risk-aware.

The practical work hasn't changed. It just has to move faster.

Discipline Why it matters Where to be
Accurate inventory Unknown endpoints don't get patched Every endpoint accounted for, ownership and OS version current
Patch velocity The window from fix shipped to fix landed is the attacker's runway Critical patches measured in hours and days, not weeks and quarters
Configuration discipline Some fixes are a setting, not a patch, and settings drift Enforcement, like NLA for RDP, not one-time application
Defense in depth Something will slip through The next layer is already in place when it does

Governance has to match execution. When discovery accelerates, posture updates have to be continuous, not quarterly.

Patch regularly, patch often

The size of this release is the headline, but the response is the same one that's worked for 20 years. Accurate inventory tells you whether a given box even runs SharePoint, an exposed RDP listener, or a vulnerable DHCP client. Patch velocity closes the gap between a fix shipping and a fix landing. Configuration discipline holds the line where the fix is a setting, and enforcing NLA across the fleet is exactly that kind of job. Automox Worklets push it in a single pass. Automox customers can employ Worklets in the catalog for that; everyone else can run the Automox Community Worklets without a subscription.

Patch the ADFS zero-day first, then the exploited SharePoint elevation bug right behind it. Patch the DHCP client across every endpoint, not just servers. Enforce NLA and get RDP off the public internet. Patch internet-facing SharePoint for the deserialization bug, your Hyper-V hosts, and BitLocker. Push Tahoe 26.5.2 to your Macs and cover your Linux fleet against Dirty Clone. It's a long list this month. Start at the top and work down.

Sources

Dive deeper into this topic