2026年7月15日星期三

Microsoft Monthly Security Update (July 2026)

Microsoft Monthly Security Update (July 2026)

Release Date: 15 Jul 2026

RISK: High Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
AppsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing
 
WindowsMedium Risk Medium RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Data Manipulation
Denial of Service
Security Restriction Bypass
Spoofing
CVE-2026-56155 is being exploited in the wild. Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. Hence, the risk level of this vulnerability is rated as Medium Risk.
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Data Manipulation
Denial of Service
Security Restriction Bypass
Spoofing
CVE-2026-56155 is being exploited in the wild. Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. Hence, the risk level of this vulnerability is rated as Medium Risk.
SQL ServerMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing
Information Disclosure
 
AzureMedium Risk Medium RiskElevation of Privilege
Denial of Service
 
Server SoftwareMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing
 
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Denial of Service
Information Disclosure
Security Restriction Bypass
Remote Code Execution
Data Manipulation
Spoofing
 
OtherMedium Risk Medium RiskRemote Code Execution
Data Manipulation
 
System CenterMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
 
Microsoft OfficeHigh Risk High RiskSpoofing
Remote Code Execution
Information Disclosure
Elevation of Privilege
Security Restriction Bypass
CVE-2026-56164 is being exploited in the wild. Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network. Hence, the risk level of this vulnerability is rated as High Risk.
DeviceMedium Risk Medium RiskElevation of Privilege 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution 
Open Source SoftwareMedium Risk Medium RiskElevation of Privilege
Data Manipulation
 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 12

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk


Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation
  • Spoofing

System / Technologies affected

  • Apps
  • Windows
  • Extended Security Updates (ESU)
  • SQL Server
  • Azure
  • Server Software
  • Developer Tools
  • Other
  • System Center
  • Microsoft Office
  • Device
  • Microsoft Dynamics
  • Open Source Software

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link

沒有留言:

發佈留言

Mozilla 產品多個漏洞

Mozilla 產品多個漏洞 發佈日期: 2026年07月15日 風險: 高度風險 類型: 用戶端 - 瀏覽器 於 Mozilla 產品發現多個...