TL;DR
Microsoft SharePoint Server authentication bypass is actively exploited in the wild requiring emergency federal patching by July 17. Zoom critical account takeover flaw affects Windows desktop clients. Windows zero-day PoC released. Microsoft released record 570 patches on Patch Tuesday.
Executive Summary
- CISA added CVE-2026-56164 (Microsoft SharePoint Server) to Known Exploited Vulnerabilities catalog; missing authentication allows unauthenticated remote privilege escalation with federal remediation deadline of July 17, 2026.
- Zoom disclosed a critical account takeover vulnerability in its Windows desktop client and SDK that could allow unauthenticated parties to hijack accounts.
- A Windows User Profile Service zero-day PoC named LegacyHive was released by researcher Chaotic Eclipse hours after Microsoft Patch Tuesday, describing an arbitrary hive load elevation-of-privileges flaw.
- Microsoft patched a record 570 security vulnerabilities in its latest Patch Tuesday release, nearly triple the prior month's total.
- Firefox and Chrome received critical updates addressing flaws for which exploit code has been published.
Top Threats Today
1. Microsoft SharePoint Server Unauthenticated Remote Code Execution
Severity: CRITICAL Affected: Government, Technology
CVE-2026-56164 is a missing authentication vulnerability in Microsoft SharePoint Server that allows an unauthorized attacker to elevate privileges over a network ⚠ [2]. SecurityWeek reports that three SharePoint vulnerabilities are actively exploited in attacks, including two that were targeted as zero-days ⚠[1]. CISA added CVE-2026-56164 to its Known Exploited Vulnerabilities catalog on July 14, 2026, with a federal remediation deadline of July 17, 2026 [2].
Sources:[1] SecurityWeek[2] CISA KEV
Recommended Action
- Prioritize patching of SharePoint Server immediately; federal agencies must complete remediation by July 17, 2026 [32]
- Apply Microsoft's latest security updates for SharePoint and monitor for anomalous authentication attempts or privilege escalation activity [27]
- Segment SharePoint systems from critical network resources; restrict unauthenticated access to SharePoint interfaces
- Review access logs for evidence of unauthorized privilege escalation or reconnaissance activity
2. Zoom Critical Account Takeover Vulnerability
Severity: CRITICAL Affected: Technology
Zoom has disclosed a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack user accounts [1].
Sources:[1] BleepingComputer
Recommended Action
- Deploy the latest Zoom client and SDK updates to all Windows endpoints immediately [7]
- Enforce multi-factor authentication (MFA) on all Zoom user accounts to prevent unauthorized access [7]
- Monitor Zoom logs for suspicious account access patterns or unauthorized sign-ins from unfamiliar locations
- Educate users about the critical nature of this vulnerability and advise against opening Zoom links from untrusted sources pending patch deployment
3. Windows User Profile Service Zero-Day Proof-of-Concept Release
Severity: HIGH Affected: Technology
Security researcher Chaotic Eclipse released a proof-of-concept exploit called LegacyHive for a Windows User Profile Service arbitrary hive load elevation-of-privileges vulnerability [1]. The PoC was released hours after Microsoft's Patch Tuesday release [1].
Sources:[1] The Hacker News
Recommended Action
- Monitor systems for exploitation attempts targeting Windows User Profile Service; PoC availability increases attack surface [5]
- Ensure all Windows systems are fully updated with the latest Patch Tuesday security fixes
- Implement application whitelisting and privileged account monitoring to detect unauthorized privilege escalation attempts
4. Microsoft Patch Tuesday Record 570 Vulnerabilities
Severity: HIGH Affected: Technology
Microsoft released software updates addressing at least 570 security holes in Windows operating systems and other software, nearly triple the number of vulnerabilities fixed in the previous month's record-breaking Patch Tuesday [1]. Microsoft attributed the increase to expanded update coverage [1].
Sources:[1] Krebs on Security
Recommended Action
- Develop a prioritized patching schedule focusing on critical and high-severity CVEs affecting widely-deployed systems [11]
- Test patches in non-production environments before broad enterprise deployment to identify compatibility issues
- Establish metrics to track patch deployment progress; aim to deploy critical patches within 2-7 days [11]
- Communicate patch urgency to stakeholders given the volume and severity of this release
5. Firefox and Chrome Critical Security Updates Released
Severity: HIGH Affected: Technology
Mozilla released updates to Firefox addressing two critical flaws: CVE-2026-15718 (an invalid pointer in the JavaScript/WebAssembly component) and CVE-2026-15719 (a site isolation flaw in DOM navigation) [1]. Mozilla warned that exploit code has been published for these vulnerabilities [1]. Chrome, Adobe, and VMware also released critical security updates [1].
Sources:[1] The Hacker News
Recommended Action
- Deploy Firefox and Chrome updates immediately to all user endpoints; published exploit code increases active exploitation risk [3]
- Verify browser auto-update settings are enabled on all managed systems
- Review Adobe and VMware update status across the enterprise and deploy available patches promptly [3]
Today’s Action Checklist
- ☐ URGENT: Initiate emergency patching of Microsoft SharePoint Server; federal remediation deadline is July 17, 2026 [32]
- ☐ URGENT: Deploy Zoom critical security update to all Windows desktop clients and development environments [7]
- ☐ HIGH: Distribute Microsoft Patch Tuesday security updates with priority to critical and high-severity CVEs [11]
- ☐ HIGH: Push Firefox and Chrome updates across the organization; exploit code is publicly available [3]
- ☐ MEDIUM: Enable and enforce multi-factor authentication (MFA) on all Zoom user accounts to mitigate account takeover risk [7]
- ☐ MEDIUM: Monitor endpoint detection and response (EDR) systems for Windows User Profile Service exploitation attempts [5]