Virtual Administrator’s July 2026 Patch Recommendations

Patch Recommendations

All new patches will be approved in our patch policy.

 

This month Microsoft released patches for 570 vulnerabilities with 59 rated “Critical” in severity.

July brings a breathtaking 570 patches. This is two records at once. It’s a all time monthly high and it also brings the yearly total of releases to a record – and it’s only July. Three of the releases are zero-day vulnerabilities.

  • CVE-2026-56155 and CVE-2026-56164 are being exploited. CVE-2026-56155 is an elevation of privilege vulnerability in Active Directory Federation Services and CVE-2026-56164 is an elevation of privilege vulnerability in Microsoft SharePoint vulnerability.
  • CVE-2026-50661 is a disclosed Security Feature Bypass affecting Windows BitLocker.
  • New standalone SSUs for Windows 10 1607/Server 2016 and Server 212/2012R2.

 

Disclosed: CVE-2026-50661

Exploited: CVE-2026-56155, CVE-2026-56164

 

Security Update Guide

https://msrc.microsoft.com/update-guide/en-us

 

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published:3/1/2018 | Last Updated: 7/14/2026)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

NOTE: The Windows 10 Security Stack Updates are included in the monthly Cumulative Updates.

 

Heads Up!

Secure Boot certificates used by most Windows devices expired starting in June 2026.

Windows Secure Boot certificate expiration and CA updates

https://support.microsoft.com/en-us/servicing/os/secure-boot/2025/06/windows-secure-boot-certificate-expiration-and-ca-updates

Secure Boot playbook for certificates expiring in 2026

https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235

 

Known Issues

The July Preview update KB5095093 for Windows 11 24H2/25H2 caused performance issues on some Dell machines – mostly laptops. The July CU KB5101650 will not be offered to affected machines until this is fixed.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

Good resource for known issues with Windows 10/11/Server patches. Find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

 

“Some Dell devices with a specific Intel driver might experience poor performance”

https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-25H2#4906msgdesc

Affected platforms: Windows 11 24H2/25H2

Symptoms: After installing the June 23, 2026, Windows preview update (KB5095093), a limited number of Dell devices might display a yellow exclamation point in Device Manager next to the Intel Innovation Platform Framework Processor Participant driver. In some cases, affected devices might experience changes in performance, power consumption, or system behavior.

Workaround: To mitigate this issue, the July 14, 2026, Windows security update for Windows 11, version 25H2 and Windows 11, version 24H2 (KB5101650) will not be offered to affected devices while Microsoft works with partners to resolve this issue.

Status: Microsoft plans to release a resolution for affected devices in the next few days.

Microsoft Confirms Dell Laptops Shut Down, Increase Heat Following July Windows Update

https://cybersecuritynews.com/dell-laptops-shut-down-july-update/

 

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

Security and Quality Rollup

  • KB5099444 – Windows Server 2012 R2 (ESU)
  • KB5099445 – Windows Server 2012 (ESU)

 

Cumulative Updates

Windows 10

  • KB5099539 – Version 21H2 “November 2021 Update” (OS Build 19044) (ESU)
  • KB5099539 – Version 22H2 “November 2022 Update” (OS Build 19045) (ESU)

(Versions 1507,1511,1607,1703,1709,1803,1809,1903,1909,2004,20H2,21H1 are no longer under support)

 

Windows 11

  • KB5099414 – 23H2 (OS Build 22631)
  • KB5101650 – 24H2 (OS Build 26100)
  • KB5101650 – 25H2 (OS Build 26200)
  • KB5101649 – 26H1 (OS Build 28000)

(Version 21H2,22H2 are no longer under support)

 

Windows Server

  • KB5099535 – Server 2016 (EOS January 2027)
  • KB5099538 – Server 2019 (EOS January 2029)
  • KB5099540 – Server 2022 (OS Build 20348)
  • KB5099536 – Server 2025 (OS Build 26100)

 

July 2026 updates for Microsoft Office

https://support.microsoft.com/en-us/servicing/office/update/2026/5105810

 

Notable CVEs

 

CVE-2026-50661 | Windows BitLocker Security Feature Bypass Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50661

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

 

CVE-2026-56155 | Active Directory Federation Services Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56155

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

 

CVE-2026-56164 | Microsoft SharePoint Server Elevation of Privilege Vulnerability (KB5002882,KB5002883,KB5002891)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-56164

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.