Today is the monthly 'Windows Update' day, with a record-breaking 622 vulnerabilities being fixed.



The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released. The security update addresses 622 vulnerabilities.

July 2026 Security Updates (Monthly)
https://www.microsoft.com/en-us/msrc/blog/2026/07/202607-security-update

July 2026 Security Update - Release Notes - Security Update Guide - Microsoft
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul




Below is a list of security updates for July 2026. This update will fix a total of 622 vulnerabilities. The previous record for the most vulnerabilities fixed by Windows Update was 206 in June 2026 , so this update has more than tripled.

Product Family maximum severity The biggest impact Related support articles or support web pages
Windows 11 v26H1, v25H2, v24H2, v23H2 emergency Remote code execution is possible. v26H1 5101649
v25H2, v24H2 5101650
v23H2 5099414
Windows Server 2025 (including Server Core installation) emergency Remote code execution is possible. 5099536
Windows Server 2022 (including Server Core installation) emergency Remote code execution is possible. 5099540
Windows Server 2019, 2016 (including Server Core installation) emergency Remote code execution is possible. Windows Server 2019 5099538
Windows Server 2016 5099535
Microsoft Office emergency Remote code execution is possible. https://learn.microsoft.com/officeupdates
Microsoft SharePoint emergency Remote code execution is possible. https://learn.microsoft.com/officeupdates/sharepoint-updates
Microsoft Exchange emergency Remote code execution is possible. https://learn.microsoft.com/exchange
Released: July 2026 Exchange Server Security Updates
Microsoft SQL Server emergency Remote code execution is possible. https://learn.microsoft.com/SQL
Microsoft Dynamics 365 emergency Remote code execution is possible. https://learn.microsoft.com/dynamics365
Microsoft Azure emergency Remote code execution is possible. https://learn.microsoft.com/azure
Microsoft .NET important Remote code execution is possible. https://learn.microsoft.com/dotnet
Microsoft Visual Studio important Remote code execution is possible. https://learn.microsoft.com/visualstudio
Microsoft Defender important Elevation of privileges https://learn.microsoft.com/defender


Of the vulnerabilities being fixed, the 'Privilege Escalation Vulnerability in Microsoft SharePoint Server ( CVE-2026-56164 )' and the 'Privilege Escalation Vulnerability in Active Directory Federation Services ( CVE-2026-56155 )' have been confirmed to be exploited. In addition, the 'Windows BitLocker Security Feature Bypass Vulnerability (CVE-2026-50661)' is a publicly known vulnerability.

Windows Update is released on the second Tuesday of each month in US time, and the next update is scheduled to be released on Wednesday, August 12, 2026, in Japan time.

in Security, Posted by log1o_hf