Microsoft April 2026 Patch Tuesday Fixes 168 Flaws, Including an Actively Exploited 0-Day

Emy Elsamnoudy
April 14, 2026

Key Takeaways

  • Microsoft’s April 2026 Patch Tuesday addresses 168 vulnerabilities across its product line.
  • An actively exploited zero-day, CVE-2026-32201, impacting Microsoft SharePoint Server, demands immediate attention.
  • One publicly disclosed flaw, CVE-2026-33825, affecting Microsoft Defender, also requires urgent patching.
  • Eight critical vulnerabilities, primarily Remote Code Execution (RCE) flaws, are included in this update.

Microsoft has released its April 2026 Patch Tuesday security updates, addressing 168 vulnerabilities across its products and services. The release includes a zero-day vulnerability already under active exploitation and another flaw that was publicly disclosed before the patch; organizations should prioritize both.

Actively Exploited Zero-Day and Publicly Disclosed Flaw

The most pressing concern in this month’s security update is CVE-2026-32201, an Important-rated spoofing vulnerability found in Microsoft SharePoint Server. This flaw is actively being exploited in the wild, allowing attackers to conduct spoofing attacks within SharePoint environments. For enterprises that rely on SharePoint for critical document management and collaborative functions, the confirmed exploitation of this vulnerability poses a significant and immediate risk. Security teams must apply this patch without delay.

Furthermore, CVE-2026-33825, an elevation of privilege vulnerability affecting Microsoft Defender, was publicly disclosed before this patch cycle. Although there are no reports of active exploitation for this specific flaw, the public availability of its details heightens the probability of imminent abuse. This makes it a high-priority target for remediation efforts.

The 168 vulnerabilities patched this month are distributed across various impact types as follows:

  • Elevation of Privilege: 93
  • Information Disclosure: 21
  • Remote Code Execution: 20
  • Security Feature Bypass: 13
  • Denial of Service: 10
  • Spoofing: 8
  • Tampering: 2
  • Defense in Depth: 1
  • Total: 168

Critical Remote Code Execution Vulnerabilities

Of the eight vulnerabilities rated Critical, seven are Remote Code Execution (RCE) flaws and one is a Denial of Service flaw. The full list:

  • CVE-2026-33827 – Windows TCP/IP Remote Code Execution Vulnerability
  • CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability
  • CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions RCE
  • CVE-2026-33115 & CVE-2026-33114 – Microsoft Word Remote Code Execution (two distinct vulnerabilities)
  • CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability
  • CVE-2026-23666 – .NET Framework Denial of Service Vulnerability (also Critical-rated)

The RCE vulnerabilities in Windows TCP/IP and Active Directory are particularly concerning due to their potential for network-level exploitation without requiring user interaction in specific configurations. This greatly increases their risk profile.

This month’s updates encompass a broad spectrum of Microsoft products and services. Key components receiving patches include the Windows Kernel (addressing multiple Elevation of Privilege flaws), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code. Notably, the Windows UPnP Device Host component alone received several Elevation of Privilege patches, indicating a concentrated effort to bolster the security of Windows networking subsystems.

What You Should Do

  • Immediate Patching for SharePoint: Prioritize the deployment of the patch for CVE-2026-32201 (SharePoint Server Spoofing Vulnerability) as an emergency measure, given its confirmed active exploitation.
  • Address Publicly Disclosed Flaw: Remediate CVE-2026-33825 (Microsoft Defender Elevation of Privilege) promptly due to its public disclosure, which increases the likelihood of exploitation.
  • Deploy Critical RCE Patches: Apply all Critical-rated Remote Code Execution patches, with particular emphasis on those affecting Windows TCP/IP, Active Directory, and the Remote Desktop Client.
  • Review and Patch Development Tools and Office: Update .NET Framework and Microsoft Office components to mitigate local and document-based attack vectors.
  • Audit for Bypass Vulnerabilities: Investigate and patch systems for WSUS and BitLocker bypass vulnerabilities (CVE-2026-32224, CVE-2026-27913), which could compromise update integrity and disk encryption.

Security teams should apply all April 2026 patches as soon as possible, with immediate priority given to the actively exploited CVE-2026-32201.
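
The checklist above can be turned into a repeatable patch order. The following is an added example, not code from the article or from Microsoft: it ranks each host's missing fixes by the article's priorities (exploited, then publicly disclosed, then Critical RCE with the emphasized components first). The tier numbers, host names, inventory and placeholder CVE are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    severity: str = "Unrated"  # filled in only where the article states a rating
    impact: str = ""
    exploited: bool = False    # confirmed exploitation in the wild
    disclosed: bool = False    # details public before the patch

# Attributes are taken from the article text, not from Microsoft's advisories.
ADVISORIES = {a.cve: a for a in [
    Advisory("CVE-2026-32201", "SharePoint Server", "Important", "Spoofing", exploited=True),
    Advisory("CVE-2026-33825", "Microsoft Defender", impact="EoP", disclosed=True),
    Advisory("CVE-2026-33827", "Windows TCP/IP", "Critical", "RCE"),
    Advisory("CVE-2026-33826", "Windows Active Directory", "Critical", "RCE"),
    Advisory("CVE-2026-33824", "Windows IKE Service Extensions", "Critical", "RCE"),
    Advisory("CVE-2026-33115", "Microsoft Word", "Critical", "RCE"),
    Advisory("CVE-2026-33114", "Microsoft Word", "Critical", "RCE"),
    Advisory("CVE-2026-32190", "Microsoft Office", "Critical", "RCE"),
    Advisory("CVE-2026-32157", "Remote Desktop Client", "Critical", "RCE"),
    Advisory("CVE-2026-23666", ".NET Framework", "Critical", "DoS"),
]}
EMPHASIZED = {"Windows TCP/IP", "Windows Active Directory", "Remote Desktop Client"}

def tier(cve):
    """Lower tier = patch sooner, following the order of the article's checklist."""
    a = ADVISORIES.get(cve)
    if a is None:
        return 6  # not described in the article: triage by hand
    if a.exploited or a.disclosed:
        return 0 if a.exploited else 1
    if a.severity == "Critical" and a.impact == "RCE":
        return 2 if a.component in EMPHASIZED else 3
    return 4 if a.severity == "Critical" else 5

def patch_plan(missing_by_host):
    """Hosts ordered by their most urgent missing patch, each with its CVEs ranked."""
    ranked = {h: sorted(set(c), key=lambda x: (tier(x), x)) for h, c in missing_by_host.items()}
    return sorted((tier(c[0]), h, c) for h, c in ranked.items() if c)

# Constructed inventory: host names and missing-patch lists are invented for the example.
INVENTORY = {
    "ws-114": ["CVE-2026-33115", "CVE-2026-32157", "CVE-2026-33825"],
    "sp-01": ["CVE-2026-23666", "CVE-2026-32201"],
    "dc-02": ["CVE-2026-33826", "CVE-2026-33827", "CVE-PLACEHOLDER-0001"],
    "build-7": [],
}
```

Calling `patch_plan(INVENTORY)` puts the SharePoint host first because of the exploited CVE-2026-32201, and leaves the unknown placeholder CVE at the bottom of its host's list for manual review.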
