// DAILY INTELLIGENCE FEED · MSP & HELPDESK
ARCHIVEBLOGSUBSCRIBE FREE →
← back to archive
// ARCHIVED ISSUE

Wednesday, July 15, 2026

3 CRITICAL3 WARNING8 storiesin𝕏
// FROM THE FLOOR
RISK_LEVEL: 🔴 HIGH

Identify which clients run SharePoint Server or AD FS on-premises, patch those machines first within 48 hours, then communicate a phased patching schedule to all M365 tenants before rolling anything out.

// full analysis + daily context delivered to subscribers → subscribe free
☁️ M365/AZURE3 items
CRITICAL☁️ M365/Azure

Record July 2026 Patch Tuesday: 570 Flaws Fixed Including 2 Actively Exploited Zero-Days

Microsoft's July 2026 Patch Tuesday addresses a record-breaking 570 CVEs — including 59 rated Critical — with two zero-days confirmed exploited in the wild: CVE-2026-56155 (AD FS privilege escalation) and CVE-2026-56164 (SharePoint Server EoP, exploitable unauthenticated over the network). Enabling AMSI with Full Request Body Scan mode on SharePoint can partially mitigate CVE-2026-56164 until patching is complete. Deploy via Windows Update or the Microsoft Update Catalog immediately.

Read more →
WARNING☁️ M365/Azure

Microsoft 365 Reported Down for Hundreds of Users — 14 July 2026

Microsoft 365 experienced a reported outage on 14 July 2026, with user reports surging on DownDetector from around 2:30 PM Eastern Time. MSPs should monitor the Microsoft Service Health Dashboard and advise clients to use fallback communication channels while the issue is investigated.

Read more →
INFO☁️ M365/Azure

Azure Windows Server Hotpatching Now Generally Available — Reboot-Free Patching for VMs

Microsoft has made hotpatching for Windows Server on Azure VMs generally available this month, allowing critical security updates to be applied without rebooting. This directly impacts MSPs managing Azure-hosted infrastructure — downtime constraints for patching are significantly reduced, changing the calculus for after-hours maintenance windows.

Read more →
🔐 SECURITY2 items
CRITICAL🔐 Security

CVE-2026-56164: SharePoint Server Zero-Day Actively Exploited in the Wild

CVE-2026-56164 is a missing-authentication elevation of privilege flaw in SharePoint Server 2016, 2019, and Subscription Edition — confirmed exploited in the wild as a zero-day and patched in July Patch Tuesday. An unauthenticated attacker can hit it over the network with no user interaction required; despite a modest CVSS 5.3 score, active abuse makes immediate patching essential. Enabling AMSI with Full Request Body Scan mode provides a partial workaround until the patch is applied.

Read more →
CRITICAL🔐 Security

CVE-2026-56155: AD FS Privilege Escalation Zero-Day Actively Exploited

CVE-2026-56155 is an actively exploited elevation of privilege vulnerability in Active Directory Federation Services (AD FS), stemming from insufficient access-control granularity. Attackers with local access and low privileges can escalate, and the flaw is frequently paired with RCE in ransomware campaigns — making it a high-priority patch for any environment running AD FS. Deploy the July 2026 Patch Tuesday update immediately.

Read more →
🔥 NETWORKING1 item
WARNING🔥 Networking

SonicWall SMA1000 Series: SQL Injection + VPN Credential Enumeration Flaws Patched

SonicWall patched four vulnerabilities in SMA1000 series appliances, including a high-severity SQL injection (CVE-2026-4112) that could allow read-only admins to obtain primary admin rights, plus three additional flaws enabling SSL VPN credential enumeration and TOTP authentication bypass. SonicWall reports no evidence of in-the-wild exploitation but urges immediate firmware updates. No workaround documented — update SMA1000 appliances to the patched firmware version.

Read more →
🤖 AI/TOOLING1 item
WARNING🤖 AI/Tooling

Claude Tag Slack Integration Can Trigger Unauthorised Enterprise Actions — Tego AI Research

Researchers at Tego AI found that the Claude Tag Slack integration can be manipulated to trigger unauthorised actions within enterprise environments, raising concerns about agentic AI tools operating inside corporate collaboration platforms. This is a practical MSP risk as more clients deploy AI assistants with Slack/Teams integration. Until Anthropic issues a patch, MSPs should review integration permissions and apply least-privilege scoping to any Claude or similar AI bots in client tenants.

Read more →
📡 INDUSTRY1 item
INFO📡 Industry

CRN Channel Awards Australia 2026 Shortlist Announced — MSP of the Year Categories Expanded

CRN Australia has announced the finalists for the 2026 CRN Channel Awards, with the MSP of the Year category now split into headcount-based sub-categories due to a surge in applications. Australian MSPs and MSSPs are encouraged to review the shortlist and attend the awards night. This is a strong business development and staff recognition opportunity for channel partners.

Read more →
Tuesday, July 14, 2026
// this lands in your inbox every weekday

This is what you get — every weekday, free.

Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.

// no spam · every weekday morning · unsubscribe anytime

LATESTARCHIVEBLOGSUBSCRIBE

// AI-assisted · always verify before acting · not professional security advice