// DAILY INTELLIGENCE FEED · MSP & HELPDESK
ARCHIVEBLOGSUBSCRIBE FREE →
← back to archive
// ARCHIVED ISSUE

Thursday, July 16, 2026

2 CRITICAL3 WARNING5 storiesin𝕏
// FROM THE FLOOR
RISK_LEVEL: 🔴 HIGH

Triage your clients by SharePoint and AD FS exposure today — send prelim comms to anyone running those services that patches drop this month and patches are mandatory.

// full analysis + daily context delivered to subscribers → subscribe free
🔐 SECURITY4 items
CRITICAL🔐 Security

CVE-2026-55040: Critical SharePoint Auth-Bypass Forms First Half of Unauthenticated RCE Chain

Rapid7 researcher Stephen Fewer disclosed CVE-2026-55040, a critical (CVSS 9.1) authentication bypass in SharePoint Server that is the first half of an unauthenticated RCE exploit chain; the second vulnerability remains embargoed until August 2026 Patch Tuesday. Patches are available now for SharePoint Server Subscription Edition, 2019, and 2016. MSPs should apply the July SharePoint cumulative update immediately — the full RCE chain is expected to be public in approximately four weeks.

Read more →
CRITICAL🔐 Security

CRITICAL: CVE-2026-56155 — Active Directory Federation Services EoP Exploited in the Wild

CVE-2026-56155 is an actively exploited elevation-of-privilege vulnerability in Active Directory Federation Services (ADFS), confirmed by Microsoft's own incident responders and added to the CISA KEV catalog. An attacker with local access and low privileges can gain full administrator control of the ADFS server, which can then be chained with an RCE bug — a pattern frequently seen in ransomware incidents. Apply July Patch Tuesday updates immediately; Microsoft has also begun hardening the ACL on the AD FS Distributed Key Manager container as a supplementary measure.

Read more →
WARNING🔐 Security

CVE-2026-50661 — Windows BitLocker Bypass Publicly Disclosed Before Patch; Physical Access Required

A publicly disclosed BitLocker security feature bypass (CVE-2026-56661) was patched in the July 2026 Patch Tuesday update; exploitation is not yet confirmed in the wild but the public PoC makes this a countdown clock rather than a free pass. Exploitation requires physical access to the device. Prioritise patching on laptops and devices exposed to physical theft or untrusted environments.

Read more →
WARNING🔐 Security

CVE-2026-57092 — Windows VMSwitch VM-Escape Bug Rated CVSS 9.9 Patched This Month

The highest-severity bug in July's Patch Tuesday is CVE-2026-57092, a use-after-free vulnerability in Windows VMSwitch scored at CVSS 9.9 that allows a low-privileged attacker inside a virtual machine to escalate all the way to full host compromise. While not yet confirmed as actively exploited, the severity and vector make this a priority patch for any Hyper-V environment. Apply July updates to all Hyper-V hosts without delay.

Read more →
🤖 AI/TOOLING1 item
WARNING🤖 AI/Tooling

GitHub Copilot and VS Code Land Security Feature Bypass Bugs in July Patch Tuesday

The July 2026 Patch Tuesday included security feature bypass vulnerabilities in GitHub Copilot, Visual Studio Code, and Visual Studio — mostly injection or path-traversal flavoured flaws. MSPs deploying AI coding assistants to developers or using VS Code in managed environments should apply Microsoft's July updates to cover these tools, not just Windows and server products.

Read more →
Wednesday, July 15, 2026
// this lands in your inbox every weekday

This is what you get — every weekday, free.

Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.

// no spam · every weekday morning · unsubscribe anytime

LATESTARCHIVEBLOGSUBSCRIBE

// AI-assisted · always verify before acting · not professional security advice