Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Security alert graphic for Microsoft July 2026 Patch Tuesday with 570 flaws and 3 zero-days

Microsoft’s July 2026 Patch Tuesday just dropped a record-breaking 570 security fixes — nearly triple a typical month — including two vulnerabilities already being exploited in the wild and one publicly disclosed.

The two actively exploited flaws are worth your immediate attention. CVE-2026-56155 is an elevation of privilege bug in Active Directory Federation Services (ADFS) that lets an attacker escalate to admin. It was discovered by Microsoft’s own incident response team while investigating real attacks — which tells you the kind of damage it enables. CVE-2026-56164 is a missing-authentication flaw in on-premises SharePoint Server that lets an unauthenticated attacker gain elevated privileges remotely. The third zero-day, CVE-2026-50661, is a BitLocker bypass that could expose encrypted data to someone with physical access to the device.

The sheer volume matters here. Microsoft has confirmed it’s now using AI-powered vulnerability discovery across its Windows codebase, which is why the count jumped from around 200 per month to 570. This isn’t a one-off spike — it’s a structural shift. Australian businesses running managed environments should expect Patch Tuesday to be heavier from here on, and that means patching windows need to be tighter and testing more disciplined. We’re already seeing this in our own client base: the organisations that had automated patch pipelines in place before July sailed through, while those still doing manual approvals are scrambling.

What to do right now: prioritise the ADFS and SharePoint zero-days. If you run ADFS for single sign-on, patch today — not next week. If you still have on-prem SharePoint, enable AMSI on the server as an interim mitigation and apply the update. For everything else in the 570-flaw stack, work with your IT provider to triage by severity and exposure. If you need a hand prioritising, talk to our security team.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →