Report Incident
× Home DPO CyberHub Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Security Alert: Microsoft Security Updates - July 2026

Microsoft has released security updates for 622 vulnerabilities, including the actively exploited zero-day vulnerabilities CVE-2026-56155 and CVE-2026-56164, which could allow attackers to gain elevated privileges and compromise affected systems.
 
These updates apply to, but are not limited to:
 
  • Windows OS: 11.
  • Windows Server: 2022, 2025
  • Microsoft Office 2021, 2024
  • Microsoft 365 and Microsoft Edge
  • Exchange Server Subscription Edition(SE)

 
Security Risks
 
Identified vulnerabilities could allow threat actors to execute malicious code, escalate privileges, access sensitive data, or disrupt system operations, potentially leading to the compromise of affected systems.

For the full list of security patches released by Microsoft, please refer to the  Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends users and administrators:
 
1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.
 
2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.
 
The following Microsoft software products reached their end-of-life and need to be upgraded soon:
 
  • Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2
  • Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.
  • Microsoft SQL Server 2005, 2008, 2012, 2014, 2016 and MS Office 2013, 2016 and 2019.
 
       Upcoming EndofLife: 
 
  • Office 2021: October 13, 2026. Upgrade to a supported version before this date.
 
For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

 
3. Before any updating task, ensure you have a current, tested backup of your data.
 

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.
 

References

16 July 2026

© 2026 National Cyber Security Authority