“Pull a list of all SharePoint servers in your environment and verify patch status for CVE-2026-56164 before end of business today — this deadline is real.”
CVE-2026-56164: SharePoint Zero-Day Actively Exploited in the Wild — CISA Deadline TODAY (17 July)
CVE-2026-56164 is an unauthenticated, actively exploited privilege escalation zero-day in SharePoint Server 2016, 2019, and Subscription Edition, discovered by Mandiant/Google FLARE during real-world incident response. Despite a modest CVSS score of 5.3, this pre-auth, zero-click flaw requires no user interaction and is being weaponised right now. CISA's federal patch deadline is 17 July 2026 — today; interim mitigation is enabling AMSI to scan for and detect malicious POST requests.
Read more →CVE-2026-56190: Critical Unauthenticated RDP Server RCE (CVSS 9.8) Patched in July Patch Tuesday
CVE-2026-56190 is a CVSS 9.8 use-of-uninitialized-memory RCE in Windows RDP Server; crafted RDP traffic can corrupt memory and achieve code execution without user interaction. The flaw is only exploitable when Network Level Authentication (NLA) is disabled — enabling NLA closes the pre-authentication path entirely without requiring a patch. MSPs should audit all internet-facing RDP endpoints and enforce NLA immediately, then apply the July update.
Read more →CVE-2026-56190 — RDP Server RCE (CVSS 9.8) in July Patch Tuesday; NLA Closes Pre-Auth Path
CVE-2026-56190 is a critical unauthenticated remote code execution flaw in Windows RDP Server rated CVSS 9.8, exploiting uninitialized memory via specially crafted RDP traffic. While not yet confirmed exploited in the wild, RDP servers remain a top attacker target. Workaround: enabling Network Level Authentication (NLA) completely closes the pre-authentication attack path — apply this immediately on all internet-exposed RDP endpoints, then patch.
Read more →AI-Discovered Vulnerabilities Drive Record Patch Tuesday Volume — New Triage Era for MSPs
Microsoft's AI-powered vulnerability discovery system (MDASH) is credited with surfacing a significant portion of the record 622 CVEs patched in July 2026, with industry analysts declaring the traditional 'Patch Tuesday' cadence is no longer sufficient. The accelerating volume is prompting MSPs to shift from CVE-by-CVE tracking toward risk-based, continuous patching frameworks that prioritise exploitation status over CVSS score. Platforms like Automox, Tenable, and Rapid7 are positioning AI-assisted patch prioritisation as an essential MSP operational tool.
Read more →Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.