patchletter

Microsoft Patch Tuesday July 2026: what sysadmins should do now

July 14, 2026 was Microsoft Patch Tuesday — the second Tuesday of the month, when Microsoft ships its bundled security updates for Windows, Windows Server, Office, Exchange and more. This is a short, practical guide to triaging it — not a CVE-by-CVE dump (the full rated list lives in Microsoft’s Security Update Guide).

1. Patch what is being exploited first

Not every vulnerability is equal. The ones worth losing sleep over are the ones attackers are already using. patchletter cross-references the CISA Known Exploited Vulnerabilities (KEV) catalog, so you can see which Microsoft products are affected by an actively exploited flaw right now on the Patch Tuesday page — patch those first.

2. Confirm you are on the current version

After Patch Tuesday, roll out and then verify. The Patch Tuesday page lists the current detected version of every Microsoft product patchletter tracks, and each tool page shows the full version history — so you can check your fleet against the latest release at a glance.

3. Watch what is running out of support

A patched system on an end-of-life version still stops getting fixes soon. Keep an eye on upcoming end-of-life dates so a migration never surprises you — and on the actively exploited vulnerabilities across your whole stack, not just Microsoft.

Never miss the next one

Subscribe to your Microsoft tools and patchletter emails you the moment a new version ships or an actively exploited vulnerability appears — free, one email address, no account. Pick your tools →