Microsoft's Record 570-CVE Patch Tuesday Includes Two Actively Exploited Zero-Days
Microsoft released its largest-ever Patch Tuesday on July 14, addressing approximately 570 CVEs — including 59 critical — with two zero-days already under active exploitation before fixes were available. The two priority vulnerabilities are CVE-2026-56155, a privilege escalation flaw in Active Directory Federation Services, and CVE-2026-56164, an unauthenticated SharePoint Server escalation exploitable over the network. Security researchers also flagged a separate SharePoint vulnerability, CVE-2026-55040, which may form part of an unauthenticated remote code execution chain once a second, still-embargoed flaw is patched, expected in August. Microsoft has attributed the growing volume of discovered vulnerabilities partly to AI-assisted internal security research, and has consequently shortened its recommended update deferral window to under three days. Separately, security firms Wiz and the AI Now Institute published findings on the same day revealing new attack techniques targeting agentic AI coding tools, expanding the threat surface further.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in