“Triage your clients by SharePoint and AD FS exposure today — send prelim comms to anyone running those services that patches drop this month and patches are mandatory.”
CVE-2026-55040: Critical SharePoint Auth-Bypass Forms First Half of Unauthenticated RCE Chain
Rapid7 researcher Stephen Fewer disclosed CVE-2026-55040, a critical (CVSS 9.1) authentication bypass in SharePoint Server that is the first half of an unauthenticated RCE exploit chain; the second vulnerability remains embargoed until August 2026 Patch Tuesday. Patches are available now for SharePoint Server Subscription Edition, 2019, and 2016. MSPs should apply the July SharePoint cumulative update immediately — the full RCE chain is expected to be public in approximately four weeks.
Read more →CRITICAL: CVE-2026-56155 — Active Directory Federation Services EoP Exploited in the Wild
CVE-2026-56155 is an actively exploited elevation-of-privilege vulnerability in Active Directory Federation Services (ADFS), confirmed by Microsoft's own incident responders and added to the CISA KEV catalog. An attacker with local access and low privileges can gain full administrator control of the ADFS server, which can then be chained with an RCE bug — a pattern frequently seen in ransomware incidents. Apply July Patch Tuesday updates immediately; Microsoft has also begun hardening the ACL on the AD FS Distributed Key Manager container as a supplementary measure.
Read more →CVE-2026-50661 — Windows BitLocker Bypass Publicly Disclosed Before Patch; Physical Access Required
A publicly disclosed BitLocker security feature bypass (CVE-2026-56661) was patched in the July 2026 Patch Tuesday update; exploitation is not yet confirmed in the wild but the public PoC makes this a countdown clock rather than a free pass. Exploitation requires physical access to the device. Prioritise patching on laptops and devices exposed to physical theft or untrusted environments.
Read more →CVE-2026-57092 — Windows VMSwitch VM-Escape Bug Rated CVSS 9.9 Patched This Month
The highest-severity bug in July's Patch Tuesday is CVE-2026-57092, a use-after-free vulnerability in Windows VMSwitch scored at CVSS 9.9 that allows a low-privileged attacker inside a virtual machine to escalate all the way to full host compromise. While not yet confirmed as actively exploited, the severity and vector make this a priority patch for any Hyper-V environment. Apply July updates to all Hyper-V hosts without delay.
Read more →GitHub Copilot and VS Code Land Security Feature Bypass Bugs in July Patch Tuesday
The July 2026 Patch Tuesday included security feature bypass vulnerabilities in GitHub Copilot, Visual Studio Code, and Visual Studio — mostly injection or path-traversal flavoured flaws. MSPs deploying AI coding assistants to developers or using VS Code in managed environments should apply Microsoft's July updates to cover these tools, not just Windows and server products.
Read more →Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.