Published Thursday, July 16, 2026 at 06:17 AM PT

BLUF: Microsoft has patched two actively exploited zero-day vulnerabilities affecting on-premises SharePoint Server (CVE-2026-56164) and Active Directory Federation Services (CVE-2026-56155) as part of July 2026 Patch Tuesday. Organizations running these services should prioritize patching immediately. Exploitation is confirmed in the wild.
DETAILS:
- CVE-2026-56164 targets on-premises Microsoft SharePoint Server with remote exploitation capability; active exploitation confirmed
- CVE-2026-56155 affects Active Directory Federation Services (AD FS); active exploitation confirmed
- Both vulnerabilities were zero-day at time of discovery and included in Microsoft’s July 2026 Patch Tuesday release
- Patches are available; specific CVSS scores and technical attack vectors not yet fully detailed in available reporting
- Note: Source material truncated; complete technical specifications require access to full Microsoft advisory
IMPACT:
- Scope: Organizations operating on-premises SharePoint Server and/or AD FS deployments are directly at risk
- Criticality: High — both services are core identity and content infrastructure; compromise could enable lateral movement, data exfiltration, and persistent access
- Affected Versions: Specific version ranges uncertain pending full advisory review; assume all supported on-premises deployments require assessment
RECOMMENDED ACTIONS:
- Immediate: Identify all on-premises SharePoint Server and AD FS instances in your environment
- Urgent: Apply Microsoft July 2026 patches to both services; prioritize AD FS as identity infrastructure
- Monitor: Review authentication logs and SharePoint access logs for anomalous activity dating back 30+ days
- Assess: Determine if either service was exposed to untrusted networks during zero-day window
- Plan: If patching cannot be completed within 48 hours, consider temporary network isolation of affected systems
SOURCES:
- SOC Prime threat intelligence
- Microsoft July 2026 Patch Tuesday advisory (partial)
