Serial number: AV26–698
Date: July 14, 2026
On July 14, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:
- .NET 10.0 installed on Linux
- .NET 10.0 installed on Mac OS
- .NET 10.0 installed on Windows
- .NET 8.0 installed on Linux
- .NET 8.0 installed on Mac OS
- .NET 8.0 installed on Windows
- .NET 9.0 installed on Linux
- .NET 9.0 installed on Mac OS
- .NET 9.0 installed on Windows
- Age of Empires II: Definitive Edition Game
- Azure Active Directory
- Azure CycleCloud 8.9.1
- Azure Monitor Agent Metrics Extension
- Azure Open AI
- Azure Spring Apps
- Azure Synapse
- Fabric Data Warehouse
- GitHub Copilot Plugin for JetBrains IDEs
- Microsoft .NET Framework
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 4.8.1
- Microsoft 365 Apps
- Microsoft 365 Apps for Enterprise
- Microsoft 365 Copilot
- Microsoft 365 Copilot for Android
- Microsoft 365 Copilot for iOS
- Microsoft Bing Search for iOS
- Microsoft Defender for Endpoint for Mac
- Microsoft Dynamics NAV 2018
- Microsoft Edge (Chromium-based)
- Microsoft Entra Provisioning Service
- Microsoft Excel 2016
- Microsoft Exchange Online
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
- Microsoft Exchange Server Subscription Edition RTM
- Microsoft Malware Protection Engine
- Microsoft Office 2016
- Microsoft Office 2019
- Microsoft Office 365 for Mac
- Microsoft Office LTSC 2021
- Microsoft Office LTSC 2024
- Microsoft Office LTSC for Mac 2021
- Microsoft Office LTSC for Mac 2024
- Microsoft Office for Android
- Microsoft PC Manager
- Microsoft PowerPoint 2016
- Microsoft SQL Server 2016
- Microsoft SQL Server 2017
- Microsoft SQL Server 2019
- Microsoft SQL Server 2022
- Microsoft SQL Server 2025
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Surface Go 2
- Microsoft Surface Go 3
- Microsoft Surface Hub
- Microsoft Surface Hub 2S
- Microsoft Surface Hub 3
- Microsoft Surface Laptop Go
- Microsoft Surface Laptop Go 2
- Microsoft Surface Laptop Go 3
- Microsoft Surface Pro 7+
- Microsoft Surface Pro 8
- Microsoft Visual Studio 2022
- Microsoft Visual Studio 2026
- Microsoft Word 2016
- AspNet.OData
- AspNetCore.OData
- Minecraft Bedrock Dedicated Server
- Office Online Server
- Power BI Report Server
- Surface Laptop 4 with AMD Processor
- Surface Laptop 4 with Intel Processor
- Surface Windows Dev Kit
- Visual Studio Code
- Windows 10
- Windows 11
- Windows 11 Version
- Windows Admin Center
- Windows Remote Help
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025
- Windows Subsystem for Linux (WSL2)
- Windows Terminal for Windows 10
- Windows Terminal for Windows 11
Microsoft has indicated that CVE-2026-56164 and CVE-2026-56155 are being exploited.
On July 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-56164 and CVE-2026-56155 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.