Live
Microsoft Ships AD FS Fix, But Automatic Remediation Is Months Away — Here’s How to Secure Your Keys Now·MSFT +0.1%High-Severity CVE-2026-55948: Excel Workbook Flaw Demands Quick Patch·NVDA +3.0%Excel Patch for July 2026 Closes Remote Code Execution Hole Exploited via Malicious Files·GOOGL +1.2%CVE-2026-54988: Microsoft's Excel Update Fixes Data Leak and Crash Flaw·AMZN +2.9%Microsoft Deploys Fix for Excel Heap Overflow That Can Crash Apps and Expose Data·MSFT +0.1%Microsoft Patches Excel Flaw That Turns a Simple Spreadsheet into a Backdoor·NVDA +3.0%Microsoft Patches SharePoint Spoofing Flaw That Can Leak Data Without a Click·GOOGL +1.2%Visual Studio Code 1.128.1 Fixes Command Injection Flaw; Update Now to Block Code Execution Attacks·AMZN +2.9%Microsoft Ships AD FS Fix, But Automatic Remediation Is Months Away — Here’s How to Secure Your Keys Now·MSFT +0.1%High-Severity CVE-2026-55948: Excel Workbook Flaw Demands Quick Patch·NVDA +3.0%Excel Patch for July 2026 Closes Remote Code Execution Hole Exploited via Malicious Files·GOOGL +1.2%CVE-2026-54988: Microsoft's Excel Update Fixes Data Leak and Crash Flaw·AMZN +2.9%Microsoft Deploys Fix for Excel Heap Overflow That Can Crash Apps and Expose Data·MSFT +0.1%Microsoft Patches Excel Flaw That Turns a Simple Spreadsheet into a Backdoor·NVDA +3.0%Microsoft Patches SharePoint Spoofing Flaw That Can Leak Data Without a Click·GOOGL +1.2%Visual Studio Code 1.128.1 Fixes Command Injection Flaw; Update Now to Block Code Execution Attacks·AMZN +2.9%

Cve 2026 47296

The latest Cve 2026 47296 coverage — news, analysis, and updates from the WindowsNews.AI desk.

13 stories in view AI assisted desk updated 12:05 AM
Latest Most Read Breaking
Sort
CVE-2026-56155 · Active Directory Federation Services

Microsoft Ships AD FS Fix, But Automatic Remediation Is Months Away — Here’s How to Secure Your Keys Now

Microsoft’s July 14, 2026 update for CVE-2026-56155 introduces an audit phase for AD FS DKM container ACLs, but administrators must manually remediate or risk automatic enforcement in October. The actively exploited flaw allows token-signing key theft, and guidance includes registry settings, event log monitoring, and preparation for the October 13 deadline.

Advertisement
CVE-2026-50675 · Microsoft Excel

Microsoft Patches Excel Flaw That Turns a Simple Spreadsheet into a Backdoor

Microsoft released a security update on July 14, 2026, fixing a high-severity heap-based buffer overflow in Excel (CVE-2026-50675). The vulnerability allows remote code execution when a user opens a malicious spreadsheet, affecting nearly all modern Office versions on Windows and macOS. Administrators and home users alike should apply the patch immediately and consider additional defenses like Protected View, email filtering, and user training.

SE Security Desk·12m ago
CVE-2026-54108 · SharePoint Server Spoofing

Microsoft Patches SharePoint Spoofing Flaw That Can Leak Data Without a Click

Microsoft has patched a SharePoint Server spoofing vulnerability (CVE-2026-54108) that lets authenticated attackers leak sensitive information without user interaction. Affecting on-premises editions, the July 2026 updates require manual deployment across all farm servers. While not actively exploited, the bug’s low complexity and high confidentiality impact warrant swift patching.

SE Security Desk·13m ago
CVE-2026-55144 · Windows CNG

CVE-2026-55144: Windows Crypto Bug Exposes Confidential Data to Local Attackers – July 2026 Fix Urged

Microsoft’s July 14, 2026 Patch Tuesday includes a fix for CVE-2026-55144, an Important-rated vulnerability in Windows CNG that allows a low-privileged local attacker to tamper with protected data. The update, delivered via KB5101650 for Windows 11 24H2/25H2 and KB5099540 for Server 2022, closes a missing cryptographic step that could lead to complete loss of confidentiality and integrity. While no active exploitation is reported, the lack of any workaround and the high value of cryptographic data make immediate patching essential, especially on multi-user systems and servers.

SE Security Desk·18m ago
Visual Studio Code · CVE-2026-50520

Visual Studio Code 1.128.1 Fixes Command Injection Flaw; Update Now to Block Code Execution Attacks

Microsoft has patched a high-severity command-injection vulnerability (CVE-2026-50520) in Visual Studio Code with version 1.128.1. The flaw can let attackers run commands with the victim's privileges, posing a serious risk to developers and IT environments. All users should update immediately, and organizations must check for user-level installations that escape standard patch management.

SE Security Desk·18m ago
CVE-2026-55002 · SQL Server

Microsoft Fixes SQL Server Privilege Escalation Bug on 2016's End-of-Support Date

Microsoft released a patch for CVE-2026-55002, a CVSS 7.8 privilege escalation vulnerability in SQL Server, as part of July 2026 Patch Tuesday. The flaw affects versions 2016 through 2025 and requires local access, but its disclosure coincides with the end-of-support for SQL Server 2016, adding urgency for organizations to apply the fix and plan migrations.

SE Security Desk·22m ago
SQL Server · CVE-2026-54118

Your SQL Servers Are Vulnerable: Apply Microsoft’s July 2026 Fix for CVE-2026-54118 Now

Microsoft’s July 2026 security update fixes CVE-2026-54118, a critical remote code execution vulnerability in SQL Server with a CVSS 8.8 score. The flaw requires an authenticated attacker but can be exploited over a network with low complexity. Administrators must apply the patch promptly, verify build numbers, and harden network access.

SE Security Desk·23m ago
.NET Security · CVE-2026-50524

Microsoft's .NET DoS patch is more urgent than its 'Framework' label suggests

Microsoft's July 2026 .NET patches fix a network-exploitable denial-of-service vulnerability (CVE-2026-50524) with a CVSS score of 7.5. The flaw affects modern .NET releases and Visual Studio, but the advisory's \

SE Security Desk·28m ago
CVE-2026-15409 · CVE-2026-15410

Emergency Fix: SonicWall SMA1000 Zero-Days Under Attack, CISA Sets July 17 Deadline

SonicWall released emergency patches for two actively exploited zero-day vulnerabilities (CVE-2026-15409 and CVE-2026-15410) in its SMA1000 series appliances. Administrators must update to builds 12.4.3-03453 or 12.5.0-02835 immediately and conduct an indicator-of-compromise review, as patching alone does not confirm the appliance is clean. CISA has given federal agencies a July 17 deadline to remediate or disconnect affected devices.

SE Security Desk·38m ago
CVE-2026-55012 · Microsoft Defender

CVE-2026-55012: Why the Latest Windows Update Won't Fix This Defender Vulnerability

Microsoft has fixed a critical remote code execution vulnerability in the Microsoft Malware Protection Engine, but the update doesn't come through Windows Update. Instead, it's delivered via Defender's protection-update system. Organizations must manually verify that all endpoints have received engine version 1.1.26060.3008 to be protected.

SE Security Desk·1h ago