
[CIAD-2026-0035] Multiple Vulnerabilities in Microsoft Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Microsoft Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
Microsoft Windows
Microsoft Office
Microsoft Dynamics
Developer Tools
SQL Server
Extended Security Updates (ESU) for legacy Microsoft products
Azure
Apps
Device
Open Source Software
Server Software
System Center
Other (Microsoft Copilot, Minecraft Bedrock Dedicated Server, GitHub Copilot Plugin for JetBrains IDEs, Age of Empires II: Definitive Edition Game)
Overview
Multiple vulnerabilities have been reported in Microsoft products that could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code remotely, bypass security restrictions, conduct spoofing attacks, perform tampering of data or system processes, or cause denial-of-service (DoS) conditions.
Target Audience:
Individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products.
Risk Assessment:
Risk of remote code execution, system instability or sensitive information disclosure.
Impact Assessment:
Potential compromise of system, exfiltration of data, ransomware attacks or system crashes.
Description
Multiple vulnerabilities have been reported in Microsoft products that could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code remotely, bypass security restrictions, conduct spoofing attacks, perform tampering of data or system processes, or cause denial-of-service (DoS) conditions.
CVE-2026-56155: This vulnerability exists in Microsoft Active Directory Federation Services (AD FS) due to insufficient granularity of access control. An authenticated attacker could exploit this vulnerability to elevate privileges on the affected system.
CVE-2026-56164: This vulnerability exists in Microsoft Office SharePoint due to missing authentication for a critical function. An unauthenticated attacker could exploit this vulnerability over a network to elevate privileges.
CVE-2026-58644: This vulnerability exists in Microsoft Office SharePoint due to deserialization of untrusted data. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to execute arbitrary code on the target server over a network.
Note: The vulnerabilities CVE-2026-56155 CVE-2026-56164 and CVE-2026-58644 are being exploited in the wild. Users are advised to apply patches immediately.
For complete list of affected products, CVEs, workarounds and solutions, refer to the Microsoft security updates.
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul
Solution
Apply appropriate security updates as mentioned in
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul
Vendor Information
Microsoft
https://msrc.microsoft.com/update-guide/
References
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpaLXIACgkQ3jCgcSdc
ys8e0Q/+O+rtpcX6EBO97TTR0/fx8mBlpNs6sCGD7W877/Ji3VkyBnS4VtCYyFMW
d/wlsf9th401rQ913rn+AHyA2At3W3XeZYOikV6b1kfOUfWeNtz3+Gaw3foUA8vv
bTLDc5ILIxXppv77k8pg5o7wTCD6BzSUMZvgeqq/JjOZ9B6npimEWemKV++9RnjS
LNcLxKU9/SZW7y7V47sWTysV69jFuma6hu/gT+LLPu4hKYTwydtMnCgdUKUUX3yV
qyIchFI+k/Vplu/lOCCJ5XFsGncUswrHpz9M/9T/v8rpW3PNZFD8gpbZ94tXrGwS
Zd5++h5JYzZCS7N1Bw49TaCnWm6gdjINRM6JbSAPRKCdoTcr3HwUNC9ZxGqYo/gV
MJYr71P85rQEEVk1c7YIE6yGnG8FkcYe4Zay4FRHiNvFldcwXcZvC5wVxG7mryyk
DO2LYVURnDvdN5GJzBryt4im4s7GPE4XLB7/ydF5OuMDc+6sR1sklp5ZnDnoRdc4
PEMcKv5Dvs7FqV7XQgWbxxSo5zSxgZHSrdPq1PX57eko6Zq2OmscFNbJqLCDA+Cu
+VbEAJhfRgHCSAZx+4A/DcR0XY6uld7VQ4SjO0mp9Ltrlc/iOa9nwzLGu4HY4WR0
nl7fxRZ7jIMCpBd5v2QZEuAH6USANYsikOUt9TQOzEgPPRZXoh4=
=PZYR
—–END PGP SIGNATURE—–


