Microsoft Patch Tuesday July 2026: July 2026 and 578 vulnerabilities

Microsoft's July 2026 Patch Tuesday delivers 578 fixes across identity, networking, storage, and Remote Desktop. Discover the vulnerabilities that matter most and the patching priorities security teams should focus on now.

Microsoft Patch Tuesday July 2026 security update highlighting vulnerability remediation, Windows infrastructure hardening, and enterprise patch management

Table of contents

Dive deeper in our Resource Library
Find the latest white papers, research reports, webinars on demand and much more - all by industry-leading experts.

Microsoft Is Hardening the Foundations of Windows

This month's release addresses 578 vulnerabilities, including 65 Critical, 511 Important and 2 Moderate.  2 vulnerabilities have been confirmed as Weaponized, and by any measure, this is a significant release - on the surface, however, the headline numbers only tell part of the story.

What stood out to me wasn't a single vulnerability.  It was where Microsoft's engineers had invested their time. From Active Directory and Remote Desktop to NTFS, DHCP, DNS and the Windows Kernel, this month's release feels less like a response to a single threat and more like a deliberate effort to strengthen the core infrastructure that underpins almost every Windows enterprise – could this be with the help of AI?

For CISOs and their teams, July is not simply about patching.  It is an opportunity to strengthen the very foundations that attackers depend upon once they gain an initial foothold.

As I worked through this month's data, I found myself coming back to the same conclusion I'd reached over the last few Patch Tuesday releases. Microsoft no longer appears to be focused solely on responding to individual high-profile vulnerabilities.  Instead, Microsoft appears to be systematically strengthening the services, protocols and identity platforms that underpin Windows itself. That doesn't mean the Critical vulnerabilities aren't important, they absolutely are - however, when you step back and look at the release, a much more interesting picture begins to emerge.

Rather than one or more dominant vulnerability commanding all the attention, July delivers meaningful security improvements across many of the technologies that attackers rely upon.  Identity services, remote administration, storage and networking all feature throughout this month's release, suggesting a broader security strategy rather than a series of isolated fixes. For security leaders, that's an important observation this month, it looks like Microsoft are building – or more like re-building their Foundation.

Patch Tuesday July 2026 – the breakdown

Almost half of this month's vulnerabilities are Elevation of Privilege issues, accounting for 256 vulnerabilities.  They are followed by 144 Remote Code Execution vulnerabilities and 102 Information Disclosure vulnerabilities. Taken together, these figures reinforce a trend we've been seeing for several months now.  Attackers are increasingly successful not because of one catastrophic vulnerability, but because they combine multiple weaknesses into reliable attack chains.

Breaking those chains remains one of the most effective ways organizations can reduce risk.

With 19 Remote Desktop related vulnerabilities addressed this month, Microsoft is clearly continuing to strengthen one of the most heavily targeted technologies within enterprise environments.  Whether supporting hybrid workers, IT administrators or remote support teams, Remote Desktop remains central to day-to-day operations, making it an attractive target for ransomware groups and post-compromise activity.  Rather than viewing these as isolated fixes, I think they should be seen as another step towards reducing one of the most common attack paths used inside modern organizations.

I was equally surprised by the amount of engineering effort invested in the Windows storage stack.  Around 22 NTFS-related vulnerabilities, together with additional filesystem and storage components, suggest they continue to strengthen some of the operating system's deepest foundations.  These components rarely feature this prominently in a Patch Tuesday release, yet they frequently become steppingstones for attackers looking to escalate privileges or establish persistence.

Finally, there is the continued fixes in core networking services, including DHCP, DNS and SMB.  These technologies are the plumbing of every Windows environment.  When Microsoft dedicates this much engineering effort to strengthening them, I think it's worth asking why.  To me, it reflects a continued focus on reducing the opportunities attackers have to move laterally.

Looking Beyond the CVSS Score

One thing I've learnt over the years is that the highest CVSS score doesn't always represent the greatest organizational risk. This month's most interesting vulnerabilities are not necessarily those with the highest severity ratings.  Several vulnerabilities affecting identity infrastructure, remote administration and trusted Windows components could have a disproportionate operational impact if left unpatched. Individually, some of these vulnerabilities may appear relatively routine.  Collectively, they represent the building blocks of modern attack chains.

That's why I always encourage organizations to look beyond individual CVEs and ask a different question: If these vulnerabilities were combined, what would the attacker be trying to achieve? Answering that question often leads to a very different patching priority.

How to be the Hero this month: Focus on your unique Patch Risk Profile

  1. Implement the lessons from this month's release. Consider whether your patching priorities reflect the same areas Microsoft has been investing in, particularly identity, remote administration, networking and other core infrastructure.
  2. Prioritize Remote Desktop vulnerabilities. Remote Desktop remains one of the most heavily targeted enterprise services and continues to be used extensively for lateral movement and ransomware activity.
  3. Prioritize Microsoft Office vulnerabilities, especially where the Preview Pane or minimal user interaction is involved. These vulnerabilities often provide attackers with low-friction initial access paths.
  4. Continue prioritizing Elevation of Privilege vulnerabilities. They may not always make the headlines, but they frequently transform an initial compromise into full exposure.
  5. Review any vulnerabilities marked as Weaponized or Publicly Disclosed and validate that your accelerated patching processes are working as expected.
  6. Evaluate attack chain potential rather than individual CVSS scores. Ask how vulnerabilities could be combined within your own environment and prioritize accordingly.
  7. Prioritize Resilience alongside Prevention. Recovery speed really matters during downtime.

Absolute enables organizations to rapidly restore compromised endpoints at scale using firmware embedded persistence and automated rehydration capabilities helping to reduce downtime and operational strain during major incidents.

Patch smart. Build resilience. Happy patching.

See the July 2026 Patch Tuesday Chart (PDF).

Kind Regards

Rob