Microsoft July 2026 Security Updates: Critical BitLocker and AD FS Fixes
Microsoft has released its July 2026 security updates, addressing 622 Microsoft-assigned CVEs and 428 Chromium vulnerabilities across Windows, Office, and Azure. Organizations should prioritize immediate patching for critical flaws under active exploitation, including the BitLocker security bypass and Active Directory Federation Services privilege escalation. This release also brings generally available hotpatching for Windows Server on Azure, TDI transport hardening, and a bundled curl upgrade to version 8.21.0. Administrators can deploy the fixes via Windows Update or the Microsoft Update Catalog, though Office 2016 users must manage 18 individual patches rather than a single cumulative update.
Microsoft July 2026 Security Updates: Critical BitLocker and AD FS Fixes @ NT Compatible
Microsoft July 2026 Security Updates: Critical BitLocker and AD FS Fixes
Microsoft's July 2026 security updates address over 1,000 vulnerabilities, including critical flaws in BitLocker and Active Directory Federation Services (AD FS) that are currently under active exploitation. Organizations are urged to prioritize patching these vulnerabilities, especially CVE-2026-50661, which allows bypassing BitLocker protections, and CVE-2026-56155, which affects AD FS and SharePoint Server. The updates include hotpatching for Windows Server on Azure, allowing security updates without downtime, and the release of multiple patches for Office 2016, which requires separate handling compared to newer versions. Administrators are advised to install the latest servicing stack update first and test patches in a staging environment before full deployment to ensure a smooth update process
