Microsoft security advisory – July 2026 monthly rollup (AV26-698)

Serial number: AV26–698
Date: July 14, 2026

On July 14, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

  • .NET 10.0 installed on Linux
  • .NET 10.0 installed on Mac OS
  • .NET 10.0 installed on Windows
  • .NET 8.0 installed on Linux
  • .NET 8.0 installed on Mac OS
  • .NET 8.0 installed on Windows
  • .NET 9.0 installed on Linux
  • .NET 9.0 installed on Mac OS
  • .NET 9.0 installed on Windows
  • Age of Empires II: Definitive Edition Game
  • Azure Active Directory
  • Azure CycleCloud 8.9.1
  • Azure Monitor Agent Metrics Extension
  • Azure Open AI
  • Azure Spring Apps
  • Azure Synapse
  • Fabric Data Warehouse
  • GitHub Copilot Plugin for JetBrains IDEs
  • Microsoft .NET Framework
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 4.8.1
  • Microsoft 365 Apps
  • Microsoft 365 Apps for Enterprise
  • Microsoft 365 Copilot
  • Microsoft 365 Copilot for Android
  • Microsoft 365 Copilot for iOS
  • Microsoft Bing Search for iOS
  • Microsoft Defender for Endpoint for Mac
  • Microsoft Dynamics NAV 2018
  • Microsoft Edge (Chromium-based)
  • Microsoft Entra Provisioning Service
  • Microsoft Excel 2016
  • Microsoft Exchange Online
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server Subscription Edition RTM
  • Microsoft Malware Protection Engine
  • Microsoft Office 2016
  • Microsoft Office 2019
  • Microsoft Office 365 for Mac
  • Microsoft Office LTSC 2021
  • Microsoft Office LTSC 2024
  • Microsoft Office LTSC for Mac 2021
  • Microsoft Office LTSC for Mac 2024
  • Microsoft Office for Android
  • Microsoft PC Manager
  • Microsoft PowerPoint 2016
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019
  • Microsoft SQL Server 2022
  • Microsoft SQL Server 2025
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Surface Go 2
  • Microsoft Surface Go 3
  • Microsoft Surface Hub
  • Microsoft Surface Hub 2S
  • Microsoft Surface Hub 3
  • Microsoft Surface Laptop Go
  • Microsoft Surface Laptop Go 2
  • Microsoft Surface Laptop Go 3
  • Microsoft Surface Pro 7+
  • Microsoft Surface Pro 8
  • Microsoft Visual Studio 2022
  • Microsoft Visual Studio 2026
  • Microsoft Word 2016
  • AspNet.OData
  • AspNetCore.OData
  • Minecraft Bedrock Dedicated Server
  • Office Online Server
  • Power BI Report Server
  • Surface Laptop 4 with AMD Processor
  • Surface Laptop 4 with Intel Processor
  • Surface Windows Dev Kit
  • Visual Studio Code
  • Windows 10
  • Windows 11
  • Windows 11 Version
  • Windows Admin Center
  • Windows Remote Help
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025
  • Windows Subsystem for Linux (WSL2)
  • Windows Terminal for Windows 10
  • Windows Terminal for Windows 11

Microsoft has indicated that CVE-2026-56164 and CVE-2026-56155 are being exploited.

On July 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-56164 and CVE-2026-56155 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Date modified: