“Identify which clients run SharePoint Server or AD FS on-premises, patch those machines first within 48 hours, then communicate a phased patching schedule to all M365 tenants before rolling anything out.”
Record July 2026 Patch Tuesday: 570 Flaws Fixed Including 2 Actively Exploited Zero-Days
Microsoft's July 2026 Patch Tuesday addresses a record-breaking 570 CVEs — including 59 rated Critical — with two zero-days confirmed exploited in the wild: CVE-2026-56155 (AD FS privilege escalation) and CVE-2026-56164 (SharePoint Server EoP, exploitable unauthenticated over the network). Enabling AMSI with Full Request Body Scan mode on SharePoint can partially mitigate CVE-2026-56164 until patching is complete. Deploy via Windows Update or the Microsoft Update Catalog immediately.
Read more →Microsoft 365 Reported Down for Hundreds of Users — 14 July 2026
Microsoft 365 experienced a reported outage on 14 July 2026, with user reports surging on DownDetector from around 2:30 PM Eastern Time. MSPs should monitor the Microsoft Service Health Dashboard and advise clients to use fallback communication channels while the issue is investigated.
Read more →Azure Windows Server Hotpatching Now Generally Available — Reboot-Free Patching for VMs
Microsoft has made hotpatching for Windows Server on Azure VMs generally available this month, allowing critical security updates to be applied without rebooting. This directly impacts MSPs managing Azure-hosted infrastructure — downtime constraints for patching are significantly reduced, changing the calculus for after-hours maintenance windows.
Read more →CVE-2026-56164: SharePoint Server Zero-Day Actively Exploited in the Wild
CVE-2026-56164 is a missing-authentication elevation of privilege flaw in SharePoint Server 2016, 2019, and Subscription Edition — confirmed exploited in the wild as a zero-day and patched in July Patch Tuesday. An unauthenticated attacker can hit it over the network with no user interaction required; despite a modest CVSS 5.3 score, active abuse makes immediate patching essential. Enabling AMSI with Full Request Body Scan mode provides a partial workaround until the patch is applied.
Read more →CVE-2026-56155: AD FS Privilege Escalation Zero-Day Actively Exploited
CVE-2026-56155 is an actively exploited elevation of privilege vulnerability in Active Directory Federation Services (AD FS), stemming from insufficient access-control granularity. Attackers with local access and low privileges can escalate, and the flaw is frequently paired with RCE in ransomware campaigns — making it a high-priority patch for any environment running AD FS. Deploy the July 2026 Patch Tuesday update immediately.
Read more →SonicWall SMA1000 Series: SQL Injection + VPN Credential Enumeration Flaws Patched
SonicWall patched four vulnerabilities in SMA1000 series appliances, including a high-severity SQL injection (CVE-2026-4112) that could allow read-only admins to obtain primary admin rights, plus three additional flaws enabling SSL VPN credential enumeration and TOTP authentication bypass. SonicWall reports no evidence of in-the-wild exploitation but urges immediate firmware updates. No workaround documented — update SMA1000 appliances to the patched firmware version.
Read more →Claude Tag Slack Integration Can Trigger Unauthorised Enterprise Actions — Tego AI Research
Researchers at Tego AI found that the Claude Tag Slack integration can be manipulated to trigger unauthorised actions within enterprise environments, raising concerns about agentic AI tools operating inside corporate collaboration platforms. This is a practical MSP risk as more clients deploy AI assistants with Slack/Teams integration. Until Anthropic issues a patch, MSPs should review integration permissions and apply least-privilege scoping to any Claude or similar AI bots in client tenants.
Read more →CRN Channel Awards Australia 2026 Shortlist Announced — MSP of the Year Categories Expanded
CRN Australia has announced the finalists for the 2026 CRN Channel Awards, with the MSP of the Year category now split into headcount-based sub-categories due to a surge in applications. Australian MSPs and MSSPs are encouraged to review the shortlist and attend the awards night. This is a strong business development and staff recognition opportunity for channel partners.
Read more →Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.