The company published a patch package that closed 622 security vulnerabilities in one go; this figure surpassed previous records and caused significant impact in the industry. Another prominent aspect of the update package was a fundamental revision made to the Kerberos authentication protocol.
Patch These First: Two Active Zero-Day Vulnerabilities
The most critical part of this month's patch set was two zero-day vulnerabilities that are already being exploited by attackers. The first one is a vulnerability found in SharePoint Server and tracked as CVE-2026-56164. According to Microsoft, this vulnerability is being used in real attacks and allows an unauthenticated attacker to escalate privileges on the corporate network. The second zero-day vulnerability was identified in Active Directory; when these two are considered together, it becomes evident that both document storage infrastructure and login mechanisms are targeted simultaneously. Beyond their scores, these components play a critical role in corporate environments, making them vulnerabilities that need to be addressed with priority.
Additionally, the patch package included an exposed BitLocker vulnerability. Although this vulnerability has not yet been reported as actively exploited, its public disclosure could serve as a roadmap for attackers, hence it is closely monitored by security teams.
Significant Changes in Kerberos
The most technically striking aspect of this month's update was the comprehensive revision made to Kerberos, a fundamental authentication protocol in Windows. This change in encryption mechanisms can directly affect corporate network identity infrastructure, necessitating meticulous post-patch compatibility testing by IT teams.
Why Such a Large Number?
While a figure like 622 is attention-grabbing on its own, it aligns with the general trend seen in recent months. Throughout 2026, the number of vulnerabilities published in consecutive Patch Tuesday packages has steadily increased, with the expansion of attack surfaces and AI-supported security research methods contributing to this rise by identifying more vulnerabilities. Similarly, SAP released an update for a critical (CVSS 9.9) vulnerability in NetWeaver Application Server ABAP during the same week; this vulnerability could allow an authenticated attacker to cause memory corruption leading to unauthorized data access.
What Does This Mean for Organizations?
A patch package of this scale necessitates prioritization by corporate IT and security teams. Experts recommend that teams with limited resources focus first on the actively exploited SharePoint and Active Directory vulnerabilities, then verify the publicly disclosed BitLocker vulnerability, and finally test for compatibility issues caused by Kerberos changes. Given the central role components like SharePoint and Active Directory play in corporate environments, delays in applying patches can leave a wide window of opportunity open to attackers.