Microsoft Ships Record 600+ CVE Patch Tuesday Alongside Two Decade-Old Linux Kernel Flaws
Microsoft released its largest-ever Patch Tuesday update on July 15, 2026, addressing between 570 and 622 CVEs across Windows, Office, Azure, Exchange, and other products. The update included fixes for three zero-days, two of which — a SharePoint privilege-escalation flaw and an Active Directory Federation Services bug — were already being actively exploited before patches arrived. Microsoft also permanently removed RC4 Kerberos support, meaning any service accounts still using RC4 ticket encryption may begin failing authentication after the update is applied. On the Linux side, a 16-year-old KVM vulnerability dubbed Januscape (CVE-2026-53359) was disclosed, enabling a malicious guest VM to escape to the host on both Intel and AMD systems — a first for KVM — posing serious risks to multi-tenant cloud environments. The KVM bug originated in a 2010 commit and was only patched upstream in June 2026, highlighting how long critical vulnerabilities can remain hidden in widely used open-source infrastructure.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)
Log in to join the discussion and vote.
Log in