Microsoft's July 2026 Patch Tuesday: A Record 570 Flaws, Including Two Exploited Zero-Days
This July 2026 Patch Tuesday sees **Microsoft** release an unprecedented 570 security updates, addressing a vast array of vulnerabilities. Notably, the update includes fixes for two zero-day vulnerabilities actively exploited in the wild and one publicly disclosed flaw, underscoring the critical importance of timely patching for IT security professionals and privacy-conscious users alike.
# Microsoft's July 2026 Patch Tuesday: A Record-Breaking Update with Critical Zero-Day Fixes
**Microsoft** has released its July 2026 Patch Tuesday updates, addressing an astonishing 570 security flaws. This record-breaking tally includes patches for two zero-day vulnerabilities that have been actively exploited in real-world attacks, alongside one publicly disclosed vulnerability.
## Unprecedented Scope of Patches
Out of the 570 vulnerabilities, 59 are classified as "Critical." The breakdown of these critical flaws includes 48 remote code execution (RCE) vulnerabilities, 9 elevation of privilege (EoP) flaws, 1 security bypass, and 1 spoofing vulnerability. This massive volume of updates highlights a growing trend in vulnerability discovery, potentially influenced by **Microsoft**'s recent adoption of AI-powered systems for identifying security weaknesses.
It's important to note that this count specifically focuses on updates released by **Microsoft** today and excludes fixes for products like **Mariner**, **Azure OpenAI**, **Azure Synapse**, **M365 Copilot**, **Microsoft Exchange Online**, **Microsoft Edge for Android**, and **Microsoft Entra Provisioning Service** that were addressed earlier this month. Additionally, 468 **Microsoft Edge**/**Chromium** flaws patched by **Google** this month, and subsequently ported to **Microsoft Edge**, are also excluded from this particular roundup.
## Critical Zero-Days Under Active Exploitation
This month's Patch Tuesday is particularly urgent due to the inclusion of three zero-day vulnerabilities. **Microsoft** defines a zero-day flaw as one that is either publicly disclosed or actively exploited while no official fix is available.
### **Active Directory Federation Services** (AD FS) Elevation of Privilege
One of the actively exploited zero-days is an elevation of privilege vulnerability in **Active Directory Federation Services (AD FS)**. Tracked as an insufficient granularity of access control, this flaw allows an authorized attacker to elevate privileges locally within the system.
**Microsoft** credited Jeremy Kingston and Scott Clark of the **Microsoft Detection and Response Team (DART)** for uncovering this vulnerability, suggesting it was likely identified during incident response investigations. Details regarding the exploitation methods have not yet been disclosed.
### **Microsoft SharePoint Server** Elevation of Privilege
The second actively exploited zero-day impacts **Microsoft SharePoint Server**, allowing an unauthorized remote attacker to gain elevated privileges over a network. This flaw stems from missing authentication for a critical function within **Microsoft Office SharePoint**.
**Microsoft** advises that enabling the **Antimalware Scan Interface (AMSI)** on the server and setting the Request Body Scan mode to Full can help mitigate this vulnerability. The discovery of this flaw was attributed to Jayson Frost with **Mandiant Incident Response**, Genwei Jiang with **Google Cloud**, **FLARE OTF**, and an anonymous researcher. Specifics on the exploitation remain undisclosed.
### **Windows BitLocker** Bypass
Finally, a publicly disclosed **Windows BitLocker** bypass flaw has also been patched. This vulnerability could allow an attacker with physical access to the target system to bypass the **BitLocker Device Encryption** feature and gain access to encrypted data. An anonymous researcher was credited with reporting this flaw.
## Comprehensive Vulnerability List
For IT security professionals, reviewing the complete list of resolved vulnerabilities is crucial for prioritizing patching efforts. The full report details each vulnerability and the systems it affects.
| Tag | CVE ID | CVE Title | Severity |
| :--------------------------------------- | :-------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------- | :---------- |
| .NET | [CVE-2026-50649](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50649) | .NET Remote Code Execution Vulnerability | Important |
| .NET | [CVE-2026-50525](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50525) | .NET Denial of Service Vulnerability | Important |
| .NET | [CVE-2026-50528](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50528) | .NET Security Feature Bypass Vulnerability | Important |
| .NET | [CVE-2026-47302](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47302) | .NET Denial of Service Vulnerability | Important |
| .NET | [CVE-2026-50659](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50659) | .NET Spoofing Vulnerability | Important |
| .NET | [CVE-2026-50526](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50526) | .NET Tampering Vulnerability | Important |
| .NET | [CVE-2026-47304](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47304) | .NET Security Feature Bypass Vulnerability | Important |
| .NET | [CVE-2026-50651](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50651) | .NET Denial of Service Vulnerability | Important |
| .NET Core | [CVE-2026-57108](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57108) | .NET Denial of Service Vulnerability | Important |
| .NET Framework | [CVE-2026-50524](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50524) | .NET Framework Denial of Service Vulnerability | Important |
| .NET Framework | [CVE-2026-50650](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50650) | .NET Framework Elevation of Privilege Vulnerability | Important |
| .NET Framework | [CVE-2026-50527](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50527) | .NET Framework Denial of Service Vulnerability | Important |
| .NET Framework | [CVE-2026-50646](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50646) | .NET Framework Remote Code Execution Vulnerability | Important |
| .NET Framework | [CVE-2026-50648](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50648) | .NET Framework Denial of Service Vulnerability | Important |
| **Active Directory Certificate Services (AD CS)** | [CVE-2026-54121](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54121) | Active Directory Certificate Services Elevation of Privilege Vulnerability | Critical |
| Active Directory Domain Services | [CVE-2026-50366](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50366) | Windows Active Directory Domain Services Denial of Service Vulnerability | Important |
| Active Directory Domain Services | [CVE-2026-49164](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49164) | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Critical |
| Active Directory Domain Services | [CVE-2026-49178](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49178) | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Important |
| Active Directory Domain Services | [CVE-2026-57976](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57976) | Windows Active Directory Domain Services Denial of Service Vulnerability | Important |
| Active Directory Federation Services (AD FS) | [CVE-2026-50368](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50368) | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Active Directory Federation Services (AD FS) | [CVE-2026-50304](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50304) | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Active Directory Federation Services (AD FS) | [CVE-2026-50695](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50695) | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |