Skip to content
theregister·

🚨Microsoft Patches Over 600 CVEs in Record-Breaking Month

Your Windows and Office systems just got a major security update

TL;DR

Microsoft released an unprecedented 622 Common Vulnerabilities and Exposures (CVE) patches this month. This is the highest number ever, with over half being critical vulnerabilities.

Microsoft just dropped a bombshell with its September Patch Tuesday release: 622 CVEs patched, more than triple last month's all-time high. If you're running Windows or Office, your security just got a major boost. But this isn't just about numbers; fifty-eight of these are critical, and two are already being exploited in the wild. The actively exploited vulnerabilities include an elevation of privilege issue in Active Directory Federation Services (CVE-2026-56155) and another in Microsoft SharePoint (CVE-2026-56164). That's not all; there are 30 critical CVEs, including 16 remote code execution vulnerabilities in Office apps. If you're managing systems or applications that rely on these products, now is the time to update.

Microsoft Patches Over 600 CVEs in Record-Breaking Month — theregister

Key Points

1

Microsoft released 622 Common Vulnerabilities and Exposures (CVE) patches on September Patch Tuesday

2

Fifty-eight of the patched vulnerabilities are rated as critical by Microsoft, including two actively exploited CVEs

3

One of the actively exploited vulnerabilities is a privilege elevation issue in Active Directory Federation Services (CVE-2026-56155)

4

Another actively exploited vulnerability involves SharePoint and allows for privilege escalation (CVE-2026-56164)

5

Adobe released 64 unique CVEs across seven bulletins, addressing issues in Commerce, Experience Manager, and more

Why It Matters

If you're managing Windows or Office systems, this update is crucial. The critical vulnerabilities include actively exploited flaws that could compromise your system's security. For instance, the privilege elevation issue in Active Directory (CVE-2026-56155) can be a game-changer for organizations relying on ADFS for authentication and authorization.

microsoftcve-patchesactive-exploitswindows-securityoffice-updates

Frequently Asked Questions

Why does this matter?

If you're managing Windows or Office systems, this update is crucial. The critical vulnerabilities include actively exploited flaws that could compromise your system's security. For instance, the privilege elevation issue in Active Directory (CVE-2026-56155) can be a game-changer for organizations relying on ADFS for authentication and authorization.

What happened?

Microsoft released an unprecedented 622 Common Vulnerabilities and Exposures (CVE) patches this month. This is the highest number ever, with over half being critical vulnerabilities.

Comments

Subscribe to join the conversation...

Be the first to comment

Enjoyed this article?

Get it daily. 7am. Free. Reads in 5 minutes.

Join 2,074 builders reading daily.

Also get