Updated
Updated · The Hacker News · Jul 14
Microsoft Ships 622 Patches, Fixes 2 Exploited Zero-Days in SharePoint and AD FS
Updated
Updated · The Hacker News · Jul 14

Microsoft Ships 622 Patches, Fixes 2 Exploited Zero-Days in SharePoint and AD FS

3 articles · Updated · The Hacker News · Jul 14

Summary

  • 622 Microsoft CVEs landed in July Patch Tuesday—more than triple June's total—with the most urgent fixes closing two zero-days already exploited in SharePoint Server and Active Directory Federation Services.
  • CVE-2026-56164 lets an unauthenticated attacker escalate privileges over the network on self-hosted SharePoint, while CVE-2026-56155 lets an authenticated attacker gain higher privileges on AD FS, the token-signing system many enterprises trust for logins.
  • SharePoint risk is heightened because Server 2016 and 2019 hit end of extended support the same day, with no paid ESU option; Microsoft also advised enabling AMSI in Full Mode to blunt attacks.
  • A separate SharePoint JWT authentication bypass was patched this month, but Rapid7 said the remote-code-execution bug needed to complete that chain will not be fixed until August.
  • Microsoft also removed the Kerberos RC4 rollback switch in July, meaning organizations that have not audited and rotated affected service accounts could face authentication failures even as they rush to patch.

Insights

Microsoft's AI finds more security flaws than ever. Is this making Windows safer, or just revealing how vulnerable it has always been?
With indefinite update pauses now possible, are we trading user control for a future of widespread, preventable cyberattacks?
Windows' new 'time machine' saves your entire PC, but with only a 72-hour memory, can it truly save you from disaster?