[CIAD-2026-0035] Multiple Vulnerabilities in Microsoft Products

By Published On: July 17, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Microsoft Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: High


Software Affected


Microsoft Windows

Microsoft Office

Microsoft Dynamics

Developer Tools

SQL Server

Extended Security Updates (ESU) for legacy Microsoft products

Azure

Apps

Device

Open Source Software

Server Software

System Center

Other (Microsoft Copilot, Minecraft Bedrock Dedicated Server, GitHub Copilot Plugin for JetBrains IDEs, Age of Empires II: Definitive Edition Game)

Overview


Multiple vulnerabilities have been reported in Microsoft products that could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code remotely, bypass security restrictions, conduct spoofing attacks, perform tampering of data or system processes, or cause denial-of-service (DoS) conditions.


Target Audience:

Individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products.


Risk Assessment:

Risk of remote code execution, system instability or sensitive information disclosure.


Impact Assessment:

Potential compromise of system, exfiltration of data, ransomware attacks or system crashes.


Description


Multiple vulnerabilities have been reported in Microsoft products that could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code remotely, bypass security restrictions, conduct spoofing attacks, perform tampering of data or system processes, or cause denial-of-service (DoS) conditions.


CVE-2026-56155: This vulnerability exists in Microsoft Active Directory Federation Services (AD FS) due to insufficient granularity of access control. An authenticated attacker could exploit this vulnerability to elevate privileges on the affected system.


CVE-2026-56164: This vulnerability exists in Microsoft Office SharePoint due to missing authentication for a critical function. An unauthenticated attacker could exploit this vulnerability over a network to elevate privileges.


CVE-2026-58644: This vulnerability exists in Microsoft Office SharePoint due to deserialization of untrusted data. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to execute arbitrary code on the target server over a network.


Note: The vulnerabilities CVE-2026-56155 CVE-2026-56164 and CVE-2026-58644 are being exploited in the wild. Users are advised to apply patches immediately.


For complete list of affected products, CVEs, workarounds and solutions, refer to the Microsoft security updates.

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul




Solution


Apply appropriate security updates as mentioned in  

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul


Vendor Information


Microsoft

https://msrc.microsoft.com/update-guide/


References


 

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpaLXIACgkQ3jCgcSdc

ys8e0Q/+O+rtpcX6EBO97TTR0/fx8mBlpNs6sCGD7W877/Ji3VkyBnS4VtCYyFMW

d/wlsf9th401rQ913rn+AHyA2At3W3XeZYOikV6b1kfOUfWeNtz3+Gaw3foUA8vv

bTLDc5ILIxXppv77k8pg5o7wTCD6BzSUMZvgeqq/JjOZ9B6npimEWemKV++9RnjS

LNcLxKU9/SZW7y7V47sWTysV69jFuma6hu/gT+LLPu4hKYTwydtMnCgdUKUUX3yV

qyIchFI+k/Vplu/lOCCJ5XFsGncUswrHpz9M/9T/v8rpW3PNZFD8gpbZ94tXrGwS

Zd5++h5JYzZCS7N1Bw49TaCnWm6gdjINRM6JbSAPRKCdoTcr3HwUNC9ZxGqYo/gV

MJYr71P85rQEEVk1c7YIE6yGnG8FkcYe4Zay4FRHiNvFldcwXcZvC5wVxG7mryyk

DO2LYVURnDvdN5GJzBryt4im4s7GPE4XLB7/ydF5OuMDc+6sR1sklp5ZnDnoRdc4

PEMcKv5Dvs7FqV7XQgWbxxSo5zSxgZHSrdPq1PX57eko6Zq2OmscFNbJqLCDA+Cu

+VbEAJhfRgHCSAZx+4A/DcR0XY6uld7VQ4SjO0mp9Ltrlc/iOa9nwzLGu4HY4WR0

nl7fxRZ7jIMCpBd5v2QZEuAH6USANYsikOUt9TQOzEgPPRZXoh4=

=PZYR

—–END PGP SIGNATURE—–

Share this article