
Microsoft has released the July 2026 Patch Tuesday cumulative updates for Windows 11, fixing hundreds of security vulnerabilities while introducing Secure Boot improvements, security hardening changes, and compatibility fixes.
The updates also patch a publicly disclosed BitLocker bypass vulnerability and an actively exploited Active Directory Federation Services (AD FS) privilege escalation flaw.
The July Patch Tuesday release includes KB5101650 for Windows 11 25H2 and 24H2, updating systems to builds 26200.8875 and 26100.8875, and KB5101649 for Windows 11 26H1, bringing devices to build 28000.2525.
This month's Patch Tuesday addresses 622 Microsoft CVEs across the company's products, including 416 Windows vulnerabilities, as well as fixes for Microsoft Office, Edge, Exchange Server, SharePoint Server, SQL Server, Defender, and Azure services.
Among the most notable vulnerabilities is CVE-2026-50661, an Important BitLocker Security Feature Bypass vulnerability that was publicly disclosed before patches became available. Microsoft says that an attacker with physical access to a vulnerable device could bypass BitLocker Device Encryption and access encrypted data, although the company currently considers such exploitation less likely.
Microsoft also patched CVE-2026-56155, an Active Directory Federation Services (AD FS) Elevation of Privilege vulnerability that has already been exploited in attacks. The flaw allows an authenticated local attacker with low privileges to obtain administrator privileges and was reported by Jeremy Kingston and Scott Clark of Microsoft's Detection and Response Team (DART).
Another actively exploited flaw fixed this month is CVE-2026-56164, a Microsoft SharePoint Server Elevation of Privilege vulnerability discovered by Jayson Frost of Mandiant Incident Response, Genwei Jiang of Google Cloud FLARE OTF, and an anonymous researcher. The vulnerability stems from the absence of authentication for a critical function, allowing an unauthenticated attacker to elevate privileges over the network. Microsoft recommends that SharePoint administrators also ensure AMSI integration is enabled and configured to perform Full request body scanning to help detect malicious payloads.
Beyond security fixes, the July updates continue Microsoft's rollout of new Secure Boot certificates ahead of the expiration of older certificates that began in June 2026. The company says it has expanded device targeting to identify more eligible systems, and Windows Update will continue deploying the replacement certificates over the coming months.
The updates also fix an issue introduced by June's security updates that prevented some third-party applications using OLE Automation from launching Microsoft Office applications or opening Office documents.
Microsoft has also introduced several security hardening changes. Windows now includes curl 8.21.0 with the latest security improvements, adds support for SHA-2 certificate thumbprints for trusted Remote Desktop publishers while beginning the transition away from SHA-1, and enforces Transport Driver Interface (TDI) transport registration requirements, which could affect applications using unregistered third-party TDI transports.
Microsoft says it is not currently aware of any known issues affecting either cumulative update.
Users can install the updates through Settings > Windows Update > Download & Install all.

A system reboot will be required for the updates to apply. It is strongly recommended to back up important data before applying the system update to prevent data loss in case something goes wrong in the process.






Leave a Reply