Patch Tuesday Dashboard
Assurance Security Dashboard: July 2026 Patch Tuesday
Microsoft’s July 2026 Patch Tuesday addresses 610 CVEs across the July security release. The infographic above summarises severity and risk level by product family; the prose below unpacks the items that need attention this cycle. 3 CVEs carry a zero-day flag (publicly disclosed and/or being exploited in the wild).
July 2026 Patch Tuesday: updates by product family
- Windows - 31 Critical, 381 Important, 1 Moderate, top CVSS 9.9. Action: Patch Now.
- Browsers - 42 Important, 3 Moderate, 1 Low, top CVSS 9. Action: Schedule.
- Development - 26 Important, top CVSS 8.8. Action: Schedule.
- Office - 18 Critical, 76 Important, 1 Moderate, top CVSS 9.8. Action: Patch Now.
- Exchange - no updates this month.
- SQL Server - 2 Critical, 7 Important, top CVSS 8.8. Action: Patch Now.
Notable CVEs this cycle
- CVE-2026-56155 (Windows) - Exploited, CVSS 7.8.
- CVE-2026-56164 (Office) - Exploited, CVSS 5.3.
- CVE-2026-50661 (Windows) - Publicly Disclosed, CVSS 6.1.
Recommended actions
Patch now: Windows, Office, SQL Server. Critical-rated or actively exploited vulnerabilities drive these into the immediate-action queue.
Schedule: Browsers, Development. Important-rated vulnerabilities to roll into the regular monthly update cycle.
Every patch, every platform change, every application update is a risk-based decision under uncertainty. Readiness Assurance turns that uncertainty into prescriptive guidance - where applications are scanned, tested, documented, and delivered with certainty into production.