July Patch Tuesday
The latest July Patch Tuesday coverage — news, analysis, and updates from the WindowsNews.AI desk.
Patch Now: Microsoft Fixes 9.3-Score Windows Kernel Flaw That Needs No Admin to Exploit
On July 14, 2026, Microsoft released a patch for CVE-2026-49798, a use-after-free vulnerability in the Windows kernel that rates 9.3 on the CVSS scale. The flaw allows a local attacker to gain system-level privileges without requiring admin rights, making it a potent second-stage exploit. All supported Windows versions are affected; users and administrators should apply the July 2026 cumulative update immediately.
Microsoft Patches Physical RCE in Storage Spaces Direct — What Cluster Administrators Should Know About CVE-2026-50299
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-50299, a physical-access remote code execution flaw in Windows Storage Spaces Direct. While requiring direct hardware contact, successful exploitation could fully compromise a system without credentials. The update is bundled in the latest cumulative patches; administrators should verify build numbers and follow cluster-aware update procedures.
Windows GDI+ Heap Overflow Threatens Millions of PCs – Patch Now, Microsoft Warns
Microsoft's July 2026 security update addresses CVE-2026-49796, a heap-based buffer overflow in Windows GDI+ that could allow remote code execution via crafted images. The vulnerability impacts nearly all supported Windows versions, requiring immediate patching to prevent exploitation. Our guide provides build verification steps and explains why even Server Core systems are at risk.
Microsoft Ships Fix for Windows Kernel Privilege Escalation That's 'More Likely' to Be Exploited
Microsoft’s July 2026 Patch Tuesday delivers a fix for a Windows Kernel use-after-free privilege escalation (CVE-2026-49795) rated Important but deemed ‘more likely’ to be exploited. The local-attack vulnerability, with a CVSS score of 8.8, affects a broad range of Windows 10, 11, and Server editions. This article breaks down what the flaw means for home users and IT admins, lists the safe build numbers and KBs, and offers a practical deployment guide—including workarounds for known issues with TDI drivers and BitLocker on Windows Server 2022.
A Malicious USB Headset Can Steal Data from Windows PCs — Microsoft’s July Fix Stops the Leak
July 2026 Patch Tuesday fixes a Medium-severity information-disclosure bug in the Windows USB Audio driver that allows data theft via a malicious USB audio device. The patch covers a wide range of Windows 10, 11, and Server editions, and admins should audit for vulnerable builds and strengthen USB device controls.
CVE-2026-49793: Windows ReFS Heap Overflow Patched—Despite RCE Label, Exploitation Requires Local Access
Microsoft’s July 14, 2026 security updates fix CVE-2026-49793, a heap-based buffer overflow in the Windows Resilient File System. Despite a “Remote Code Execution” label, the attack vector is local and requires authenticated access, making it a post-compromise escalation risk rather than an internet-facing threat. The patch covers Windows 10, Windows 11, and Windows Server editions; administrators should prioritize ReFS-heavy servers and verify fixed build numbers after deployment.
Microsoft Ships Patch for UDF Driver Flaw That Allows Attackers to Escalate Privileges on Windows
Microsoft’s July 2026 Patch Tuesday includes a fix for a high-severity privilege-escalation flaw in the Windows UDF file system driver. Successful exploitation requires local access and user interaction but could give an attacker full system control. Administrators should deploy the updates immediately and verify build numbers to ensure protection.
Windows Servers Exposed: Unauthenticated HTTP/2 Attacks Fixed in July 14 Update
Microsoft's July 14, 2026 security update fixes CVE-2026-49788, a high-severity denial-of-service flaw in Windows' HTTP/2 stack that allows unauthenticated remote attackers to crash servers. The article details affected systems, patch verification steps, and mitigation strategies for administrators and home users. Practical guidance covers deployment priorities, monitoring, and compatibility considerations.
Patch Now: NTFS Bug in Windows July Updates Could Give Attackers Full Control
Microsoft’s July 2026 cumulative updates close CVE-2026-49789, a stack-based buffer overflow in the NTFS file system that enables local privilege escalation. Rated Important with a CVSS score of 7.3, the flaw requires an attacker to already have local access, but exploitation complexity is low. All supported Windows and Windows Server versions are patched, and while no active attacks are known, administrators are urged to deploy the fixes immediately due to the bug's presence in the default file system.
Patch Now: Unauthenticated Attackers Can Crash Windows Servers via HTTP.sys Flaw
Microsoft’s July 2026 security updates fix CVE-2026-49787, a denial-of-service flaw in the Windows HTTP.sys driver. Unauthenticated attackers can remotely crash IIS and other HTTP services by triggering resource exhaustion. Administrators should install the cumulative updates immediately, verifying the build number to ensure protection, especially on internet-facing Windows servers.
Microsoft Closes Secure Boot Security Gap—Patches for All Windows Versions Out Now
Microsoft's July 14, 2026 security updates close CVE-2026-49783, an Important-rated bypass in Windows Secure Boot that could let a local attacker load untrusted code during startup. All supported Windows 10, Windows 11, and Windows Server versions need the patch to restore boot-chain integrity. This article explains the flaw, its impact on home users and enterprises, and the concrete steps to apply the fix.
Windows DHCP Client Flaw Earns 7.5 CVSS Score, Patched Across Six Server Generations
Microsoft’s July 2026 Patch Tuesday includes CVE-2026-49181, a high-severity DHCP Client elevation-of-privilege flaw that is network-exploitable without user interaction. It affects all supported Windows Server releases and two Windows 10 long-term servicing branches, but not Windows 11. Administrators should deploy the update quickly and verify build numbers, as the attack prerequisites are favorable to adversaries despite no observed in-the-wild exploitation.
Windows Clipboard Flaw Can Turn Limited Access Into Full System Control—Patch Now
Microsoft's July 2026 Patch Tuesday includes a fix for CVE-2026-49183, a high-severity Windows Clipboard Server vulnerability that could let a locally authenticated attacker with low privileges escalate to full system control. The race condition flaw affects most supported Windows 10, 11, and Server versions and requires immediate patching, especially on shared or user-accessible machines. While not yet exploited in the wild, the bug's potential for post-compromise abuse makes it a critical update for all organizations.