Microsoft April 2026 Patch Tuesday Fixes 168 Flaws, Including an Actively Exploited 0-Day
Key Takeaways Microsoft’s April 2026 Patch Tuesday addresses 168 vulnerabilities across its product line. An actively exploited zero-day, CVE-2026-32201, impacting Microsoft SharePoint Server,...
Key Takeaways
- Microsoft’s April 2026 Patch Tuesday addresses 168 vulnerabilities across its product line.
- An actively exploited zero-day, CVE-2026-32201, impacting Microsoft SharePoint Server, demands immediate attention.
- One publicly disclosed flaw, CVE-2026-33825, affecting Microsoft Defender, also requires urgent patching.
- Eight critical vulnerabilities, primarily Remote Code Execution (RCE) flaws, are included in this update.
Microsoft has released its April 2026 Patch Tuesday security updates, addressing a substantial 168 vulnerabilities across its extensive portfolio of products and services. This comprehensive release includes a critical zero-day vulnerability already under active exploitation and another flaw that was publicly disclosed prior to the patch, both warranting immediate prioritization by organizations.
Table Of Content
Actively Exploited Zero-Day and Publicly Disclosed Flaw
The most pressing concern in this month’s security update is CVE-2026-32201, an Important-rated spoofing vulnerability found in Microsoft SharePoint Server. This flaw is actively being exploited in the wild, allowing attackers to conduct spoofing attacks within SharePoint environments. For enterprises that rely on SharePoint for critical document management and collaborative functions, the confirmed exploitation of this vulnerability poses a significant and immediate risk. Security teams must apply this patch without delay.
Furthermore, CVE-2026-33825, an elevation of privilege vulnerability affecting Microsoft Defender, was publicly disclosed before this patch cycle. Although there are no reports of active exploitation for this specific flaw, the public availability of its details heightens the probability of imminent abuse. This makes it a high-priority target for remediation efforts.
The 168 vulnerabilities patched this month are distributed across various impact types as follows:
- Elevation of Privilege: 93
- Information Disclosure: 21
- Remote Code Execution: 20
- Security Feature Bypass: 13
- Denial of Service: 10
- Spoofing: 8
- Tampering: 2
- Defense in Depth: 1
- Total: 168
Critical Remote Code Execution Vulnerabilities
Among the eight vulnerabilities rated as Critical, seven are Remote Code Execution (RCE) flaws, highlighting the severe nature of this month’s updates. These include:
- CVE-2026-33827 – Windows TCP/IP Remote Code Execution Vulnerability
- CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability
- CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions RCE
- CVE-2026-33115 & CVE-2026-33114 – Microsoft Word Remote Code Execution (two distinct vulnerabilities)
- CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability
- CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2026-23666 – .NET Framework Denial of Service Vulnerability (also Critical-rated)
The RCE vulnerabilities in Windows TCP/IP and Active Directory are particularly concerning due to their potential for network-level exploitation without requiring user interaction in specific configurations. This greatly increases their risk profile.
This month’s updates encompass a broad spectrum of Microsoft products and services. Key components receiving patches include the Windows Kernel (addressing multiple Elevation of Privilege flaws), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code. Notably, the Windows UPnP Device Host component alone received several Elevation of Privilege patches, indicating a concentrated effort to bolster the security of Windows networking subsystems.
What You Should Do
- Immediate Patching for SharePoint: Prioritize the deployment of the patch for CVE-2026-32201 (SharePoint Server Spoofing Vulnerability) as an emergency measure, given its confirmed active exploitation.
- Address Publicly Disclosed Flaw: Remediate CVE-2026-33825 (Microsoft Defender Elevation of Privilege) promptly due to its public disclosure, which increases the likelihood of exploitation.
- Deploy Critical RCE Patches: Apply all Critical-rated Remote Code Execution patches, with particular emphasis on those affecting Windows TCP/IP, Active Directory, and the Remote Desktop Client.
- Review and Patch Development Tools and Office: Update .NET Framework and Microsoft Office components to mitigate local and document-based attack vectors.
- Audit for Bypass Vulnerabilities: Investigate and patch systems for WSUS and BitLocker bypass vulnerabilities (CVE-2026-32224, CVE-2026-27913), which could compromise update integrity and disk encryption.
Security teams should apply all April 2026 patches as soon as possible, with immediate priority given to the actively exploited CVE-2026-32201.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.