Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Microsoft’s July update round shattered its own record with fixes for 570 flaws, nearly triple June’s total, a jump the company attributes to AI-assisted vulnerability discovery across the Windows codebase. Three zero-days made the cut: an Active Directory Federation Services elevation-of-privilege bug and a SharePoint Server flaw already being exploited in the wild, plus a publicly disclosed BitLocker bypass that could expose encrypted data to anyone with physical access to a device. Of the 59 flaws rated critical, 48 allow remote code execution, underscoring why admins are being urged to prioritize this month’s rollout despite its unusual size.
SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
Threat actors are chaining together two flaws in SonicWall’s SMA 1000 Series secure remote access appliances, an unauthenticated server-side request forgery bug in the Work Place interface and a code-injection flaw in the Management Console that enables arbitrary command execution once paired with the first. Hotfixes are available for the affected SMA6210, SMA7210, and SMA8200v models, but the company is stressing that patching alone won’t undo prior compromise, urging customers to comb logs for indicators of compromise, rotate credentials, and reset TOTP tokens on any appliance that shows signs of tampering.
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
Researchers disclosed a pair of access-control flaws in the widely used RabbitMQ message broker that trace back to early 2024. The more severe of the two stems from a management API endpoint whose authorization check was hard-coded to always allow the request, letting an unauthenticated attacker retrieve a broker’s confidential OAuth client secret in a single call and potentially trade it for an admin token to seize full control. A second, lower-severity bug lets any authenticated user enumerate queue and exchange names outside their own permitted scope. Patched versions are out, but since fixing the code doesn’t invalidate secrets already exposed, affected deployments are being told to rotate credentials as well.
Forgotten UEFI shims undermining Secure Boot
Security researchers uncovered 11 old, Microsoft-signed UEFI shim bootloaders that can be used to bypass Secure Boot on the vast majority of UEFI-based machines, regardless of which operating system is installed. Because the shims predate protections like SBAT and MOK-denylist enforcement, an attacker can bring a copy of one of these forgotten binaries to any system that still trusts Microsoft’s third-party UEFI signing certificate and use it to load known-vulnerable second-stage bootloaders, opening the door to persistent bootkit infections that survive OS reinstalls. The flagged binaries were revoked in Microsoft’s June Patch Tuesday update, but the disclosure highlights how many more decade-old signed shims may still be lurking untracked.
Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns
Progress Software told ShareFile customers running Storage Zone Controllers to manually power down the servers hosting them after receiving word of a credible external threat targeting the product, temporarily cutting off account access while it investigated with outside cybersecurity experts. Access has since been restored and the company says it has found no evidence that any customer accounts or data were accessed, though it’s asking that Storage Zone Controllers stay offline until the investigation wraps. Speculation has centered on two previously patched flaws that, when chained, allow unauthenticated remote code execution.