Particle.news
Download on the App Store

Microsoft Issues Record Patch Tuesday and Flags Two Zero‑Days Under Active Attack

AI-driven vulnerability hunting has compressed safe patching windows to days, prompting urgent exploit-focused guidance from vendors and agencies.

Overview

  • Microsoft released the July Patch Tuesday updates on Tuesday, July 14, 2026, distributing a record single-month volume of fixes that Microsoft’s Security Update Guide counts at roughly 621–622 CVEs.
  • The company warned two zero-day elevation‑of‑privilege flaws are being actively exploited: CVE-2026-56155 in Active Directory Federation Services, which can let a local user gain administrator rights, and CVE-2026-56164 in SharePoint Server, which allows unauthenticated remote privilege escalation.
  • A third notable issue, CVE-2026-50661, is a publicly disclosed BitLocker security‑feature bypass that requires physical access to a device and should be patched but is lower operational urgency than the two exploited zero‑days.
  • Security vendors and U.S. agencies including CISA are urging immediate patching, hardening of exposed services such as SharePoint and AD FS, and a move from CVSS-only prioritization to exploit-driven triage using KEV, EPSS and Microsoft’s exploited flags.
  • Experts say Microsoft’s use of agentic AI tools like MDASH is rapidly increasing the pace and volume of vulnerability discovery, which is forcing organizations to adopt faster SLAs, fix legacy out-of-support systems and prepare for higher monthly update cadences from other vendors.