// NEXUSVOID CYBER NEWS

<- ALL CYBER NEWS

Critical

Microsoft, Patch Tuesday, zero-day, SharePoint, ADFS, elevation of privilege

Microsoft Ships a Record 622-CVE Patch Tuesday With Two Zero-Days Already Exploited

Microsoft's largest-ever Patch Tuesday closes 622 CVEs, including two elevation-of-privilege zero-days under active attack — CVE-2026-56164 in on-prem SharePoint and CVE-2026-56155 in ADFS. Prioritize the two live bugs first.

What happened. Microsoft shipped its largest Patch Tuesday on record — 622 CVEs by its Security Update Guide count, more than triple June's previous high of around 200. Two of the fixes close holes attackers are already exploiting: CVE-2026-56164, an elevation-of-privilege flaw in on-premises SharePoint Server, and CVE-2026-56155, an elevation-of-privilege flaw in Active Directory Federation Services (ADFS). Microsoft credited incident responders for both.

Who's affected. Everyone running Windows and Microsoft server products, but the two live bugs concentrate risk on organizations running on-prem SharePoint and ADFS — identity and collaboration infrastructure at the center of enterprise access. Neither zero-day is a flashy remote-code-execution critical; both are privilege bugs in systems that matter more than their scores suggest.

What to do now. Don't try to swallow 622 CVEs as one queue. Patch the two actively-exploited zero-days first — SharePoint and ADFS — then work the remaining criticals by exposure. If you run ADFS, treat it as a crown-jewel identity system: check for anomalous token issuance and privilege changes alongside patching.

Our read. A 622-item list is not a plan, and CVSS won't sort it for you — the two bugs that matter today are mid-severity elevation-of-privilege flaws, not the top-scored criticals. Exploitation status is the signal. In our analysis of the 2025 KEV catalog, 67% of the vulnerabilities actually exploited in the wild would have been missed by an organization relying on an annual penetration test to find them. The job isn't patching everything on Tuesday; it's knowing continuously which few of the 622 are being used against you.

Reporting by The Hacker News and Krebs on Security; patch counts per Microsoft's Security Update Guide. Sources linked above.

Liked this briefing? Share it:

More briefings

Related posts appear on the live page
Get the briefings first
Breaking security news, verified fast, with the one fact the headlines skip. No spam - unsubscribe anytime.