
Microsoft's July security update fixes 622 flaws, including two already exploited
Microsoft's July 2026 security update fixes 622 flaws, including two vulnerabilities already exploited in the wild.
Microsoft's July 2026 security update is a unusually large patch cycle for Windows administrators, with hundreds of fixes spanning Windows components, Microsoft Office, SQL Server, Azure services, Visual Studio, SharePoint and other products. Cisco Talos, summarizing Microsoft's release, counted 622 vulnerabilities in the month’s update and said 57 were marked critical.
The most urgent detail is not just the size of the release. Talos said Microsoft identified two vulnerabilities in the July batch as already exploited in the wild. That makes the update a priority for organizations that normally stage Patch Tuesday rollouts over several days, especially where endpoint privilege escalation bugs can be chained with browser, document, email or remote-access exposure.
What changed
Microsoft's Security Update Guide lists the July release with an initial publication time of 2026-07-14 07:00 UTC and a current release timestamp on July 15. The public CVRF feed for the release shows the update set continuing to be revised after publication, which is common as vendors adjust metadata, add affected product entries or clarify guidance.
Talos highlighted the two exploited issues as CVE-2026-56155, an elevation-of-privilege vulnerability in Active Directory Federation Services, and CVE-2026-49719, another elevation-of-privilege issue. The security firm also noted prominent remote-code-execution vulnerabilities across Microsoft Office, Windows Media and Media Foundation, and Windows DHCP Server.
- Administrators should prioritize systems exposed to untrusted documents, media files, authentication flows or network services.
- Enterprises using ADFS should review Microsoft's advisory details for CVE-2026-56155 and confirm patch status quickly.
- Security teams should watch for vendor updates to detections and exploitability assessments as more telemetry appears.
The release also lands at a time when many Windows estates are already preparing for lifecycle changes and stricter update management. A large Patch Tuesday does not automatically mean every flaw is equally likely to be exploited, but known exploitation changes the risk calculation: delayed patching gives attackers more time to reverse-engineer fixes and target systems that lag behind.
For consumers, the guidance is straightforward: apply Windows and Microsoft application updates as soon as practical, then restart when prompted. For businesses, the safer path is targeted acceleration, not blind panic. Validate the July patches against critical applications, move internet-facing and identity infrastructure to the front of the queue, and document any systems that cannot be updated immediately so compensating controls are visible.
Sources
Cover photo by Fernando Arcos on Pexels, used under the Pexels License.
CyberOGZ Team






Comments (0)
Leave a Comment