Microsoft's July 2026 Patch Tuesday drops a record 570 security fixes — including two actively exploited zero-days targeting SharePoint and AD FS with hard CISA deadlines. AI is accelerating both sides of the fight, and defenders are running out of buffer time.
Audio is available on Spreaker — see link below.
Two Microsoft zero-days are being actively exploited right now, and one of them has a patch deadline of July seventeenth. That's not a soft recommendation.
The more urgent of the two is CVE-2026-56164, a privilege escalation flaw in SharePoint Server. Here's what makes it particularly dangerous: an attacker doesn't need credentials to exploit it.
Two other vulnerabilities deserve attention even without confirmed active exploitation. CVE-2026-55005 is a heap-based buffer overflow in Exchange Server.
The five hundred and seventy-fix volume isn't just a story about threats. Microsoft credits expanded AI-assisted vulnerability discovery for a significant portion of that increase.
The defensive side of AI is under pressure too. A twenty twenty-six SANS survey found that sixty-three percent of security practitioners report significant shortcomings in AI-driven threat detection and response.
The near-term watchpoints are straightforward. The July seventeenth SharePoint deadline is the most urgent.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.