Microsoft, SonicWall fix multiple zero-days

 

Microsoft, SonicWall fix multiple zero-days

Microsoft has released a July batch of security updates that fix over 500 security flaws across its various products and services, including two actively exploited zero-day vulnerabilities.

The first exploited flaw is CVE-2026-56155, an insufficient granularity of access control issue that allows a local user to escalate privileges on the system. The vulnerability exists due to improper access control in Active Directory Federation Services (AD FS).

The second exploited vulnerability is CVE-2026-56164, a missing authentication for critical function issue that permits unauthorized access to the application. The vulnerability exists due to missing authentication for critical function. A remote non-authenticated attacker can send a specially crafted HTTP request and modify certain data.

Microsoft didn’t disclose any further information on when or how the both flaws were exploited.

July 2026 Patch Tuesday also addresses a previously disclosed Windows BitLocker security feature bypass vulnerability (CVE-2026-50661) that allows an unauthorized attacker to bypass a security feature with a physical attack. There’s no evidence at this point that the flaw was exploited in real-world attacks.

Separately, SonicWall has warned that threat actors are actively exploiting two vulnerabilities (CVE-2026-15409 and CVE-2026-15410) affecting its SMA1000 secure access appliances in zero-day attacks.

CVE-2026-15409 is a critical server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface. The flaw allows a remote, unauthenticated attacker to force an affected appliance to make requests to unintended locations.

CVE-2026-15410 is a post-authentication code injection vulnerability in the SMA1000 Appliance Management Console, which could allow a remote authenticated administrator to execute arbitrary operating system commands.

SonicWall has confirmed that both vulnerabilities are being actively exploited without providing any further details. The affected products include SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800.

Security fixes are available in platform-hotfix versions 12.4.3-03453 and 12.5.0-02835, as well as later releases. SonicWall strongly recommends that customers upgrade to the latest supported versions to reduce the risk of exploitation. SSL-VPN deployments on SonicWall firewalls or the SMA 100 Series product line are not impacted.

Users of both Microsoft and SonicWall products are strongly advised to install security updates as soon as possible.


Back to the list