{"id":9176,"date":"2026-07-14T21:05:19","date_gmt":"2026-07-14T21:05:19","guid":{"rendered":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/"},"modified":"2026-07-14T21:05:19","modified_gmt":"2026-07-14T21:05:19","slug":"microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/en\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/","title":{"rendered":"Microsoft Entra ID &amp; Exchange\/SharePoint: Multiple Critical Vulnerabilities (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Back to Blog                <a href=\"https:\/\/locaterisk.com\/en\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">Microsoft Entra ID &amp; Exchange\/SharePoint: Multiple Critical Vulnerabilities (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)<\/h1>\r\n            <p class=\"paragraph\"><br><span class=\"lr-ai-disclosure\" style=\"display:block;margin:8px 0 28px;font-size:14px;line-height:1.4;color:#8b93a7;font-family:inherit;font-style:italic;\">This text was generated using artificial intelligence (AI).<\/span>On July 13, 2026, Microsoft announced a strategic change to its identity and access management system, Microsoft Entra ID. Starting September 1, 2026, passkeys will be phased in as the default method for multi-factor authentication (MFA). The goal of this measure is to strengthen account security through phishing-resistant login methods while phasing out vulnerable methods such as SMS and voice calls.<br><br>The transition affects all organizations using Microsoft Entra ID in the public cloud. Separate timelines will be announced for other cloud environments. The official Microsoft announcement is available in the Microsoft 365 Message Center at <strong>MC1426371<\/strong> available.<br><br><strong>Update July 14, 2026:<\/strong> In addition, several critical vulnerabilities in Microsoft Exchange Server, SharePoint Server, and Active Directory Federation Services have been disclosed. CVE-2026-55008 (CVSS 9.6) affects Exchange Server and allows remote code execution. CVE-2026-56164 and CVE-2026-56155 are actively exploited zero-day vulnerabilities in SharePoint and AD FS. CVE-2026-55040 (CVSS 9.1) allows for authentication bypass via JWT token forgery in AD FS. See below for details.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png\" alt=\"Microsoft Entra ID &amp; Exchange\/SharePoint: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)\" class=\"wp-image-9142\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>The Facts at a Glance<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Passkeys as the standard:<\/strong> Starting September 1, 2026, users will be prompted to register passkeys; starting February 1, 2027, this will be mandatory.<\/li>\n\n\n\n<li><strong>SMS\/Voice will be turned off:<\/strong> Microsoft's native services for SMS and voice sign-in will end on February 1, 2027. Third-party integration via the Microsoft Security Store will remain available.<\/li>\n\n\n\n<li><strong>Affected platform:<\/strong> Microsoft Entra ID (Public Cloud).<\/li>\n\n\n\n<li><strong>Critical Exchange Vulnerability:<\/strong> CVE-2026-55008 (CVSS 9.6) affects Exchange Server 2016 CU23, 2019 CU14\/CU15, and the Subscription Edition RTM. Remote code execution is possible without authentication; user interaction is required.<\/li>\n\n\n\n<li><strong>SharePoint zero-days currently being exploited:<\/strong> CVE-2026-56164 (Elevation of Privilege) and CVE-2026-50661 affect SharePoint Server 2016, 2019, and the Subscription Edition. Available patches: 16.0.5561.1001, 16.0.10417.20175, 16.0.19725.20434.<\/li>\n\n\n\n<li><strong>Critical AD FS Vulnerabilities:<\/strong> CVE-2026-56155 (Insufficient Access Control) and CVE-2026-55040 (CVSS 9.1, Security Feature Bypass via JWT Token Forging) affect Active Directory Federation Services. CVE-2026-55040 is being actively exploited.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The timeline for the transition<\/strong><\/h2>\n\n\n\n<p>To ensure a smooth implementation, Microsoft has published a phased rollout plan. IT administrators should take note of the following dates:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Effective August 1, 2026:<\/strong> API support will be available to configure a temporary opt-out for the passkey rollout.<\/li>\n\n\n\n<li><strong>Effective September 1, 2026:<\/strong> When logging in via MFA, users are offered the option to register a passkey. Participation is still optional at this stage.<\/li>\n\n\n\n<li><strong>Effective September 18, 2026:<\/strong> Microsoft publishes information about supported third-party telecommunications service providers in the Microsoft Security Store.<\/li>\n\n\n\n<li><strong>Effective October 30, 2026:<\/strong> Administrators can configure third-party telecommunications services in the Microsoft Security Store for SMS and voice sign-in.<\/li>\n\n\n\n<li><strong>Effective February 1, 2027:<\/strong> Microsoft's native SMS and voice services will be discontinued. The prompt to register for a passkey will become mandatory for all affected users and can no longer be skipped.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Need for Action and Options for Administrators<\/strong><\/h2>\n\n\n\n<p>Companies must adapt their authentication strategies to this new framework. The transition period, which runs through February 2027, provides time to prepare internal processes and user communications.<\/p>\n\n\n\n<p>Organizations that continue to rely on SMS- or voice-based authentication must turn to third-party solutions that can be integrated through the Microsoft Security Store. However, Microsoft clearly recommends switching to methods that are completely resistant to phishing.<\/p>\n\n\n\n<p>Users who already use secure methods such as <strong>Windows Hello for Business<\/strong>, <strong>FIDO2 Security Keys<\/strong>, use certificate-based authentication or smart cards, are not affected by the new registration prompt, according to Microsoft Learn.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Critical Vulnerability in Microsoft Exchange Server (CVE-2026-55008)<\/strong><\/h2>\n\n\n\n<p>In conjunction with the passkey migration, a critical security vulnerability in Microsoft Exchange Server was disclosed on July 14, 2026. The vulnerability, CVE-2026-55008, received a CVSS score of 9.6 and allows remote code execution over the network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Technical Details<\/strong><\/h3>\n\n\n\n<p>The vulnerability affects the following versions of Exchange:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft Exchange Server 2016 Cumulative Update 23<\/li>\n\n\n\n<li>Microsoft Exchange Server 2019 Cumulative Update 14<\/li>\n\n\n\n<li>Microsoft Exchange Server 2019 Cumulative Update 15<\/li>\n\n\n\n<li>Microsoft Exchange Server Subscription Edition RTM<\/li>\n<\/ul>\n\n\n\n<p>An attacker can exploit the vulnerability without prior authentication (PR:N), but user interaction is required (UI:R). The attack vector is network-based (AV:N) with low attack complexity (AC:L). If successfully exploited, high impacts on confidentiality, integrity, and availability are possible (C:H\/I:H\/A:H). The scope is \u201eChanged\u201c (S:C), which means that the impact may extend beyond the vulnerable component.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Assessment and Recommendations for Action<\/strong><\/h3>\n\n\n\n<p>As of this publication, the patch status is unknown. There is no information available regarding active exploitation or inclusion in the CISA KEV list. Organizations with Exchange servers running the affected versions should continuously monitor the Microsoft Security Response Center advisory at https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-55008 and prioritize the installation of available security updates.<\/p>\n\n\n\n<p>The combination of a high CVSS score, a network-based attack vector, and the potential for remote code execution makes CVE-2026-55008 a critical threat to Exchange infrastructures. Until a patch is available, administrators should consider mitigating measures such as network segmentation, enhanced monitoring, and access restrictions on Exchange services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Actively Exploited Zero-Days in SharePoint Server (CVE-2026-56164, CVE-2026-50661)<\/strong><\/h2>\n\n\n\n<p>On July 14, 2026, two actively exploited vulnerabilities in Microsoft SharePoint Server were disclosed. CVE-2026-56164 is an elevation-of-privilege vulnerability enabled by a lack of authentication. CVE-2026-50661 is another vulnerability in SharePoint Server; its technical details have not yet been fully disclosed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Affected Versions and Patches<\/strong><\/h3>\n\n\n\n<p>The vulnerabilities affect the following versions of SharePoint:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft SharePoint Server 2016 (all versions) < 16.0.5561.1001)<\/li>\n\n\n\n<li>Microsoft SharePoint Server 2019 (all versions) < 16.0.10417.20175)<\/li>\n\n\n\n<li>Microsoft SharePoint Server Subscription Edition (all versions) < 16.0.19725.20434)<\/li>\n<\/ul>\n\n\n\n<p>Microsoft has released security updates that address these vulnerabilities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SharePoint Server 2016: Update to Version 16.0.5561.1001<\/li>\n\n\n\n<li>SharePoint Server 2019: Update to Version 16.0.10417.20175<\/li>\n\n\n\n<li>SharePoint Server Subscription Edition: Update to Version 16.0.19725.20434<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Urgency and Recommended Action<\/strong><\/h3>\n\n\n\n<p>Since both vulnerabilities are being actively exploited, it is critical to install the patches immediately. Organizations with SharePoint servers should prioritize installing the updates and conduct enhanced monitoring for suspicious activity until the patches are fully implemented. The vulnerabilities allow attackers to escalate privileges within the SharePoint environment, which can lead to data exfiltration, lateral movement within the network, and further compromises.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Critical Vulnerabilities in Active Directory Federation Services (CVE-2026-56155, CVE-2026-55040)<\/strong><\/h2>\n\n\n\n<p>Alongside the SharePoint vulnerabilities, two critical vulnerabilities in Active Directory Federation Services (AD FS) were disclosed. CVE-2026-56155 is a vulnerability caused by insufficient access control. CVE-2026-55040 is a particularly critical security feature bypass vulnerability with a CVSS score of 9.1.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE-2026-55040: Authentication Bypass via JWT Token Forging<\/strong><\/h3>\n\n\n\n<p>CVE-2026-55040 allows attackers to bypass authentication by creating forged JWT (JSON Web Tokens). This vulnerability is being actively exploited and poses a significant threat to organizations that use AD FS for federated authentication. A successful attack allows unauthorized access to protected resources without valid credentials.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Technical Assessment and Recommendations for Action<\/strong><\/h3>\n\n\n\n<p>The combination of a high CVSS score (9.1), active exploitation, and the ability to completely bypass authentication makes CVE-2026-55040 one of the most critical vulnerabilities in the latest Microsoft security update. Organizations with AD FS infrastructure must apply available patches immediately and check their authentication logs for anomalies, particularly for unusual JWT token issuances or validations.<\/p>\n\n\n\n<p>Until the patch is fully implemented, administrators should consider the following mitigating measures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enhanced Monitoring of AD FS Authentication Events<\/li>\n\n\n\n<li>Review and Strengthening of JWT Token Validation Guidelines<\/li>\n\n\n\n<li>Network Segmentation to Restrict Access to AD FS Servers<\/li>\n\n\n\n<li>Enabling additional authentication factors for critical resources<\/li>\n<\/ul>\n\n\n\n<p>CVE-2026-56155 also requires prompt installation of the patch, as insufficient access control in AD FS can lead to unauthorized access to federated services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Relevance for Organizations in Germany, Austria, and Switzerland<\/strong><\/h2>\n\n\n\n<p>This transition is particularly relevant for companies subject to NIS 2 and KRITIS operators in Germany: The use of phishing-resistant authentication methods complies with the requirements for technical security measures under Section 30 of the BSIG. The BSI explicitly recommends FIDO2-based methods and passkeys as strong authentication methods. Organizations that use Microsoft Entra ID as their central identity service should also include the transition in their GDPR-compliant change documentation and verify whether the change to the authentication infrastructure requires internal risk assessments in accordance with ISO 27001.<\/p>\n\n\n\n<p>The Exchange vulnerability CVE-2026-55008, as well as the actively exploited SharePoint and AD FS vulnerabilities, underscore the urgency of a comprehensive Microsoft security management approach. Organizations with Exchange servers, SharePoint installations, or AD FS infrastructure must include these vulnerabilities in their risk assessment in accordance with ISO 27001 Annex A 8.8 (Vulnerability Management) and document them. The active exploitation of CVE-2026-56164, CVE-2026-50661, and CVE-2026-55040 requires immediate incident response readiness and prioritized patch installation.<\/p>\n\n\n\n<p>Organizations subject to NIS 2 must comply with the requirement to report security incidents: If there are indications that zero-day vulnerabilities have been successfully exploited, a report to the relevant supervisory authority may be required.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Classification from the EASM and VRM Perspectives<\/strong><\/h2>\n\n\n\n<p>A change in authentication methods at a central identity provider such as Microsoft has a direct impact on the external attack surface and supplier risk management.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>External Attack Surface Management (EASM):<\/strong> Microsoft Entra ID is an externally accessible service whose sign-in portals are part of an organization\u2019s digital infrastructure. An EASM platform such as LocateRisk identifies these and other exposed authentication endpoints (e.g., for VPNs or cloud services). Knowing which systems depend on Entra ID is essential for assessing the impact of this policy change on your organization\u2019s security posture. At the same time, externally accessible Exchange servers, SharePoint instances, and AD FS servers must be identified and checked for vulnerability to CVE-2026-55008, CVE-2026-56164, CVE-2026-50661, CVE-2026-56155, and CVE-2026-55040. The active exploitation of several of these vulnerabilities makes continuous monitoring of the external attack surface particularly critical.<\/li>\n\n\n\n<li><strong>Vendor Risk Management (VRM):<\/strong> Microsoft is a critical supplier for most companies. A mandatory change to security policies is a significant event in cyber supply chain risk management. Continuous monitoring as part of VRM helps identify such changes among strategic partners and ensure an organization\u2019s own compliance with standards such as NIS-2 or ISO 27001, which require active management of supplier risks. The Exchange, SharePoint, and AD FS vulnerabilities underscore the need to also monitor patch management processes for critical Microsoft products within the VRM context. The recent spate of critical zero-day vulnerabilities should serve as a prompt to update the risk assessment for Microsoft as a supplier and to document the dependency on Microsoft products within the supply chain.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Here's How LocateRisk Can Help You<\/strong><\/h2>\n\n\n\n<p>The LocateRisk platform provides you with the necessary visibility into your external attack surface and the security posture of your suppliers. Identify all external systems that rely on Microsoft Entra ID for authentication, and assess the security performance of your critical technology partners. Detect exposed Exchange servers, SharePoint instances, and AD FS servers in your infrastructure to quickly locate and prioritize vulnerabilities such as CVE-2026-55008, CVE-2026-56164, CVE-2026-50661, CVE-2026-56155, and CVE-2026-55040.<\/p>\n\n\n\n<p>Our \u201eMade in Germany\u201c solution is hosted in certified German data centers\u2014designed to meet GDPR requirements and with reduced risks associated with exposure to the U.S. Cloud Act.<\/p>\n\n\n\n<p><a href=\"https:\/\/locaterisk.com\/en\/demo-anfordern\/\" target=\"_blank\" rel=\"noreferrer noopener\">Request a no-obligation analysis of your attack surface.<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources and further information<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Microsoft Security Blog (July 13, 2026):<\/strong> <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/07\/13\/microsoft-entra-id-security-updates-passkeys-are-the-default-authentication-method-in-entra-id\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID<\/a><\/li>\n\n\n\n<li><strong>Microsoft Learn:<\/strong> <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/concept-sms-voice-retirement\" target=\"_blank\" rel=\"noreferrer noopener\">Discontinuation of SMS and Voice for Authentication in Microsoft Entra ID<\/a><\/li>\n\n\n\n<li><strong>BleepingComputer (July 14, 2026):<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-entra-id-gets-passkeys-default-authentication-starting-september\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID will use passkeys as the default authentication method starting in September<\/a><\/li>\n\n\n\n<li><strong>Microsoft Security Response Center:<\/strong> <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-55008\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-55008 Security Update Guide<\/a><\/li>\n\n\n\n<li><strong>Microsoft Security Response Center:<\/strong> <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-56164\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-56164 Security Update Guide<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Frequently asked questions<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Who is affected by the transition to Microsoft Entra ID passkeys?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">All organizations and users who use Microsoft Entra ID in the public cloud. The exception is users who already use another phishing-resistant authentication method, such as Windows Hello for Business, FIDO2 security keys, or smart cards\u2014according to Microsoft Learn, these users will not receive a new registration prompt.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Will I still be able to use text messages and voice calls after February 1, 2027?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Yes, the service will still be available, but no longer through Microsoft's native service. To use it, organizations must integrate a supported third-party telecommunications service provider via the Microsoft Security Store. Configuration will be possible starting October 30, 2026; Microsoft will publish information about available providers starting September 18, 2026.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What happens if users skip the passkey registration?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Between September 1, 2026, and February 1, 2027, users can skip the prompt. After this deadline, the registration dialog will become mandatory. Affected users will then no longer be able to sign up without interacting with the prompt.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Are my Exchange servers affected by CVE-2026-55008?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Check to see if you are running one of the affected versions: Exchange Server 2016 CU23, Exchange Server 2019 CU14 or CU15, or Exchange Server Subscription Edition RTM. Monitor the Microsoft Security Response Center for patch information and apply available updates immediately.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>How urgent is it to install the SharePoint patches?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">This update is critical and should be installed immediately. CVE-2026-56164 and CVE-2026-50661 are being actively exploited. Organizations with SharePoint servers running the affected versions (&lt; 16.0.5561.1001 for 2016, &lt; 16.0.10417.20175 for 2019, &lt; 16.0.19725.20434 (for the Subscription Edition) should install the updates as a priority.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What does CVE-2026-55040 mean for my AD FS infrastructure?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">CVE-2026-55040 is a critical vulnerability (CVSS 9.1) that is actively being exploited and can bypass authentication through JWT token forgery. Organizations using AD FS must immediately install available patches, check their authentication logs for anomalies, and implement mitigating measures such as enhanced monitoring and network segmentation.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Request your personal Live-Demo now<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"first name\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"last name\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Email\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">I agree with the <a href=\"https:\/\/locaterisk.com\/en\/datenschutz\/\" target=\"_self\">privacy policy<\/a>.<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Request a Demo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Your personal consultant<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">CEO<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Get in Touch Now<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/en\/\">Home<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/about\/\">About Us<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/impressum\/\">Legal Notice<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/datenschutz\/\">Privacy<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/gtc.pdf\">General Terms and Conditions<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/jobs\/\">Jobs<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Trust Center<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Microsoft Entra ID is introducing passkeys as the default. At the same time, critical zero-day vulnerabilities were disclosed in SharePoint (CVE-2026-56164), AD FS (CVE-2026-55040, CVSS 9.1), and Exchange (CVE-2026-55008). Updates are available.<\/p>","protected":false},"author":13,"featured_media":9142,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Entra ID, Exchange &amp; SharePoint \u2013 kritische L\u00fccken<\/title>\n<meta name=\"description\" content=\"Microsoft Entra ID f\u00fchrt Passkeys als Standard ein. Parallel wurden kritische Zero-Days in SharePoint (CVE-2026-56164) und AD FS (CVE-2026-55040, CVSS 9.1) sowie Exchange (CVE-2026-55008) bekannt. Updates verf\u00fcgbar.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/en\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Entra ID, Exchange &amp; SharePoint \u2013 kritische L\u00fccken\" \/>\n<meta property=\"og:description\" content=\"Microsoft Entra ID f\u00fchrt Passkeys als Standard ein. Parallel wurden kritische Zero-Days in SharePoint (CVE-2026-56164) und AD FS (CVE-2026-55040, CVSS 9.1) sowie Exchange (CVE-2026-55008) bekannt. Updates verf\u00fcgbar.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/en\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-14T21:05:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"Microsoft Entra ID &#038; Exchange\\\/SharePoint: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)\",\"datePublished\":\"2026-07-14T21:05:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/\"},\"wordCount\":2093,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/\",\"name\":\"Microsoft Entra ID, Exchange & SharePoint \u2013 kritische L\u00fccken\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"datePublished\":\"2026-07-14T21:05:19+00:00\",\"description\":\"Microsoft Entra ID f\u00fchrt Passkeys als Standard ein. Parallel wurden kritische Zero-Days in SharePoint (CVE-2026-56164) und AD FS (CVE-2026-55040, CVSS 9.1) sowie Exchange (CVE-2026-55008) bekannt. Updates verf\u00fcgbar.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"width\":400,\"height\":400,\"caption\":\"compliance-regulatory\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Entra ID &#038; Exchange\\\/SharePoint: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Entra ID, Exchange, and SharePoint \u2013 Critical Vulnerabilities","description":"Microsoft Entra ID is introducing passkeys as the default. At the same time, critical zero-day vulnerabilities were disclosed in SharePoint (CVE-2026-56164), AD FS (CVE-2026-55040, CVSS 9.1), and Exchange (CVE-2026-55008). Updates are available.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/en\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Entra ID, Exchange & SharePoint \u2013 kritische L\u00fccken","og_description":"Microsoft Entra ID f\u00fchrt Passkeys als Standard ein. Parallel wurden kritische Zero-Days in SharePoint (CVE-2026-56164) und AD FS (CVE-2026-55040, CVSS 9.1) sowie Exchange (CVE-2026-55008) bekannt. Updates verf\u00fcgbar.","og_url":"https:\/\/locaterisk.com\/en\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/","og_site_name":"LocateRisk","article_published_time":"2026-07-14T21:05:19+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kristina Hoinkis","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"Microsoft Entra ID &#038; Exchange\/SharePoint: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)","datePublished":"2026-07-14T21:05:19+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/"},"wordCount":2093,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/","url":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/","name":"Microsoft Entra ID, Exchange, and SharePoint \u2013 Critical Vulnerabilities","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","datePublished":"2026-07-14T21:05:19+00:00","description":"Microsoft Entra ID is introducing passkeys as the default. At the same time, critical zero-day vulnerabilities were disclosed in SharePoint (CVE-2026-56164), AD FS (CVE-2026-55040, CVSS 9.1), and Exchange (CVE-2026-55008). Updates are available.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","width":400,"height":400,"caption":"compliance-regulatory"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-exchange-sharepoint-mehrere-kritische-sicherheitsluecken-cve-2026-55008-cve-2026-56164-cve-2026-55040\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft Entra ID &#038; Exchange\/SharePoint: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-55008, CVE-2026-56164, CVE-2026-55040)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Measure and compare IT security","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/comments?post=9176"}],"version-history":[{"count":0,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9176\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media\/9142"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media?parent=9176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/categories?post=9176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/tags?post=9176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}