The Microsoft July 2026 security updates have been released and consist of 622 new CVEs to Microsoft products and 428 CVEs of non-Microsoft Chromium CVEs.
Of the Microsoft CVEs released, 63 are rated Critical, 6 moderate, 1 low and the rest are rated Important in severity. At the time of release, one is listed as publicly known and two as being actively exploited.
The security updates apply to the following products, features and roles: Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Github Copilot, Defender, Exchange Server, Hyper-V, Ages of Empire II, and Minecraft Serve.
Information regarding known issues with KBs included in the security updates can be found at the bottom of the page at July 2026 Security Updates - Release Notes - Security Update Guide - Microsoft.
Recommended Reading: See Dustin Childs complete review and analysis in Zero Day Initiative -- The July 2026 Security Update Review.
Additional Update Notes:
- Windows 10 -- See Windows 10 Extended Security Updates (ESU).
- Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
- Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 11 operating systems, please see Windows 11 Home and Pro.
- Windows Update History: Windows 11, Windows 10
References



