Kerberos Encryption Transition

Record-Breaking Patch Day: Microsoft Fixes 570 Security Flaws

Patch Day, Microsoft Patch Tuesday, BitLocker vulnerability, Microsoft July 2026 Patch Tuesday security update, Kerberos RC4 encryption phaseout in Windows domains, Microsoft fixes 570 security vulnerabilities in Windows, Microsoft, Windows vulnerabilities
Facebook
X
LinkedIn
Reddit
WhatsApp
Source: HJBC / Shutterstock.com

Microsoft closes 570 vulnerabilities in its largest Patch Tuesday release to date and begins enforcing the phaseout of outdated Kerberos RC4 encryption.

Microsoft addressed a total of 570 security vulnerabilities across Windows, Office, Exchange Server, SharePoint Server, SQL Server, Azure, and Visual Studio in its July 2026 Patch Tuesday release. The update package represents the largest security update in the company’s history. Among the patched issues are 59 vulnerabilities classified as critical and three zero day flaws.

Ad

Two of the actively exploited zero day vulnerabilities affect Active Directory Federation Services (AD FS) tracked as CVE-2026-56155 and Microsoft SharePoint Server tracked as CVE-2026-56164. The vulnerabilities allow attackers to elevate system privileges, with the SharePoint flaw also enabling remote exploitation over the network. The third zero day vulnerability, CVE-2026-50661, allows attackers to bypass BitLocker encryption but requires physical access to the affected device.

Security company Zecurit recommends treating all three vulnerabilities as “immediate patch priorities.” In addition, Microsoft fixed 145 vulnerabilities that could enable remote code execution (RCE) attacks in Exchange, SQL Server, Hyper V, and Office.

Microsoft Enforces Kerberos RC4 Encryption Shutdown

Beyond the sheer number of security fixes, the update marks the start of a stricter enforcement phase for the Kerberos authentication protocol. Windows domain controllers will no longer accept Kerberos tickets based on the outdated RC4 encryption algorithm unless an explicit exception configuration is in place. Organizations are therefore required to migrate to the significantly more secure AES encryption standard.

Ad

The measure is designed to make credential compromise attacks more difficult, particularly attacks where threat actors use stolen password hashes and attempt offline brute force cracking methods. Microsoft warns that systems still relying on RC4 based service accounts, legacy applications, or incompatible non Windows systems may experience Kerberos authentication failures after installing the update.

Microsoft Pauses Update Distribution for Certain Dell Systems

Due to compatibility issues, Microsoft has temporarily halted the distribution of the Windows 11 security update for certain Dell devices. The issue affects a limited number of systems powered by Intel processors. On these devices, installing the patch can result in unexpected system crashes, noticeable performance degradation, overheating, and rapid battery drain.

Microsoft said it is working together with Dell on a resolution and plans to resume update distribution for affected devices as soon as the issue has been addressed.

(ll)

Ad

Artikel zu diesem Thema

Weitere Artikel