// DAILY INTELLIGENCE FEED · MSP & HELPDESK
ARCHIVEBLOGSUBSCRIBE FREE →
← back to archive
// ARCHIVED ISSUE

Friday, July 17, 2026

1 CRITICAL2 WARNING4 storiesin𝕏
// FROM THE FLOOR
RISK_LEVEL: 🔴 HIGH

Pull a list of all SharePoint servers in your environment and verify patch status for CVE-2026-56164 before end of business today — this deadline is real.

// full analysis + daily context delivered to subscribers → subscribe free
🔐 SECURITY3 items
CRITICAL🔐 Security

CVE-2026-56164: SharePoint Zero-Day Actively Exploited in the Wild — CISA Deadline TODAY (17 July)

CVE-2026-56164 is an unauthenticated, actively exploited privilege escalation zero-day in SharePoint Server 2016, 2019, and Subscription Edition, discovered by Mandiant/Google FLARE during real-world incident response. Despite a modest CVSS score of 5.3, this pre-auth, zero-click flaw requires no user interaction and is being weaponised right now. CISA's federal patch deadline is 17 July 2026 — today; interim mitigation is enabling AMSI to scan for and detect malicious POST requests.

Read more →
WARNING🔐 Security

CVE-2026-56190: Critical Unauthenticated RDP Server RCE (CVSS 9.8) Patched in July Patch Tuesday

CVE-2026-56190 is a CVSS 9.8 use-of-uninitialized-memory RCE in Windows RDP Server; crafted RDP traffic can corrupt memory and achieve code execution without user interaction. The flaw is only exploitable when Network Level Authentication (NLA) is disabled — enabling NLA closes the pre-authentication path entirely without requiring a patch. MSPs should audit all internet-facing RDP endpoints and enforce NLA immediately, then apply the July update.

Read more →
WARNING🔐 Security

CVE-2026-56190 — RDP Server RCE (CVSS 9.8) in July Patch Tuesday; NLA Closes Pre-Auth Path

CVE-2026-56190 is a critical unauthenticated remote code execution flaw in Windows RDP Server rated CVSS 9.8, exploiting uninitialized memory via specially crafted RDP traffic. While not yet confirmed exploited in the wild, RDP servers remain a top attacker target. Workaround: enabling Network Level Authentication (NLA) completely closes the pre-authentication attack path — apply this immediately on all internet-exposed RDP endpoints, then patch.

Read more →
🤖 AI/TOOLING1 item
INFO🤖 AI/Tooling

AI-Discovered Vulnerabilities Drive Record Patch Tuesday Volume — New Triage Era for MSPs

Microsoft's AI-powered vulnerability discovery system (MDASH) is credited with surfacing a significant portion of the record 622 CVEs patched in July 2026, with industry analysts declaring the traditional 'Patch Tuesday' cadence is no longer sufficient. The accelerating volume is prompting MSPs to shift from CVE-by-CVE tracking toward risk-based, continuous patching frameworks that prioritise exploitation status over CVSS score. Platforms like Automox, Tenable, and Rapid7 are positioning AI-assisted patch prioritisation as an essential MSP operational tool.

Read more →
Thursday, July 16, 2026
// this lands in your inbox every weekday

This is what you get — every weekday, free.

Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.

// no spam · every weekday morning · unsubscribe anytime

LATESTARCHIVEBLOGSUBSCRIBE

// AI-assisted · always verify before acting · not professional security advice