Patch Tuesday Dashboard

Assurance Security Dashboard: July 2026 Patch Tuesday

July 2026 Assurance Security Dashboard infographic: 610 CVEs across Windows, Browser, Developer Tools, Office, Exchange and SQL Server with 51 Critical and 3 zero-day flag(s)

Microsoft’s July 2026 Patch Tuesday addresses 610 CVEs across the July security release. The infographic above summarises severity and risk level by product family; the prose below unpacks the items that need attention this cycle. 3 CVEs carry a zero-day flag (publicly disclosed and/or being exploited in the wild).

July 2026 Patch Tuesday: updates by product family

  • Windows - 31 Critical, 381 Important, 1 Moderate, top CVSS 9.9. Action: Patch Now.
  • Browsers - 42 Important, 3 Moderate, 1 Low, top CVSS 9. Action: Schedule.
  • Development - 26 Important, top CVSS 8.8. Action: Schedule.
  • Office - 18 Critical, 76 Important, 1 Moderate, top CVSS 9.8. Action: Patch Now.
  • Exchange - no updates this month.
  • SQL Server - 2 Critical, 7 Important, top CVSS 8.8. Action: Patch Now.

Notable CVEs this cycle

  • CVE-2026-56155 (Windows) - Exploited, CVSS 7.8.
  • CVE-2026-56164 (Office) - Exploited, CVSS 5.3.
  • CVE-2026-50661 (Windows) - Publicly Disclosed, CVSS 6.1.

Patch now: Windows, Office, SQL Server. Critical-rated or actively exploited vulnerabilities drive these into the immediate-action queue.

Schedule: Browsers, Development. Important-rated vulnerabilities to roll into the regular monthly update cycle.

Every patch, every platform change, every application update is a risk-based decision under uncertainty. Readiness Assurance turns that uncertainty into prescriptive guidance - where applications are scanned, tested, documented, and delivered with certainty into production.