Microsoft Patch Tuesday April 2026: Actively Exploited Vulnerabilities Fixed
Microsoft’s April 2026 Patch Tuesday security update addresses 168 vulnerabilities across its product portfolio, including one actively exploited zero-day and one publicly disclosed flaw. Both require immediate prioritization by organizations.
Zero-Day Under Active Exploitation
The most critical issue in this month’s release is CVE-2026-32201, a Microsoft SharePoint Server Spoofing Vulnerability currently being actively exploited in the wild.
Rated Important, this flaw allows attackers to conduct spoofing attacks against SharePoint environments, posing a significant risk to enterprises relying on SharePoint for document management and collaboration. Security teams are urged to apply the patch immediately, as exploitation has already been confirmed.
Additionally, CVE-2026-33825, a Microsoft Defender Elevation of Privilege Vulnerability, was publicly disclosed before this patch cycle. While no active exploitation has been reported, the public availability of information about this flaw increases the likelihood of imminent abuse, making it a high-priority remediation target.
Of the 168 vulnerabilities patched this month, the distribution by attack type is as follows:
| Impact | Count |
|---|---|
| Elevation of Privilege | 93 |
| Information Disclosure | 21 |
| Remote Code Execution | 20 |
| Security Feature Bypass | 13 |
| Denial of Service | 10 |
| Spoofing | 8 |
| Tampering | 2 |
| Defense in Depth | 1 |
| Total | 168 |
Critical RCE Vulnerabilities Patched
Among the eight Critical-rated flaws, all but one are Remote Code Execution (RCE) vulnerabilities, underscoring the severity of this month’s release:
- CVE-2026-33827 – Windows TCP/IP Remote Code Execution Vulnerability
- CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability
- CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions RCE
- CVE-2026-33115 & CVE-2026-33114 – Microsoft Word Remote Code Execution (two separate flaws)
- CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability
- CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2026-23666 – .NET Framework Denial of Service Vulnerability (Critical-rated)
The Windows TCP/IP and Active Directory RCE flaws are particularly alarming because they can be exploited at the network level without user interaction in certain configurations.
This month’s updates span a wide range of Microsoft products and services, including Windows Kernel (multiple EoP flaws), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code.
The Windows UPnP Device Host component alone received multiple EoP patches, signaling focused hardening of Windows networking subsystems.
Security and IT teams should take the following steps immediately:
- Prioritize CVE-2026-32201 (SharePoint) as an emergency patch given confirmed exploitation
- Address CVE-2026-33825 (Microsoft Defender) due to its public disclosure status
- Deploy all Critical-rated RCE patches, particularly for Windows TCP/IP, Active Directory, and Remote Desktop Client
- Review and patch .NET Framework and Office components to block local and document-based attack vectors
- Audit systems for WSUS and BitLocker bypass vulnerabilities (CVE-2026-32224, CVE-2026-27913), which could undermine update delivery and disk encryption integrity
Security teams should apply all April 2026 patches as soon as possible, with immediate priority on CVE-2026-32201.
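The first three steps above can be applied mechanically to scanner output. The following is an added example, not code from Microsoft or from this article's source: the tier numbers, the `Vuln` record and the host names in `SCAN` are assumptions made for illustration, while the CVE attributes are the ones reported above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vuln:
    cve: str
    impact: str               # "RCE", "EoP", "Spoofing", "DoS"
    severity: str = ""        # empty where the article states no rating
    exploited: bool = False   # confirmed exploitation in the wild
    disclosed: bool = False   # publicly disclosed before the patch

# Attributes as reported in the article (subset of the April 2026 release).
CATALOG = {v.cve: v for v in [
    Vuln("CVE-2026-32201", "Spoofing", "Important", exploited=True),
    Vuln("CVE-2026-33825", "EoP", disclosed=True),
    Vuln("CVE-2026-33827", "RCE", "Critical"),
    Vuln("CVE-2026-33826", "RCE", "Critical"),
    Vuln("CVE-2026-33115", "RCE", "Critical"),
    Vuln("CVE-2026-23666", "DoS", "Critical"),
]}

def tier(cve):
    """1 = exploited, 2 = publicly disclosed, 3 = Critical RCE, 4 = all other fixes."""
    v = CATALOG.get(cve)
    if v is None:             # finding not in the catalog: patch in the normal cycle
        return 4
    if v.exploited:
        return 1
    if v.disclosed:
        return 2
    return 3 if (v.severity, v.impact) == ("Critical", "RCE") else 4

def patch_queue(missing_by_host):
    """Order hosts by their most urgent missing fix; order each host's CVEs by tier."""
    rows = []
    for host, cves in missing_by_host.items():
        ordered = sorted(set(cves), key=lambda c: (tier(c), c))
        if ordered:           # fully patched hosts drop out of the queue
            rows.append((tier(ordered[0]), host, ordered))
    return sorted(rows)

# Constructed scan result: host names and findings are invented for this example.
SCAN = {
    "sp-01": ["CVE-2026-33827", "CVE-2026-32201"],
    "dc-01": ["CVE-2026-33826", "CVE-2026-33827"],
    "ws-114": ["CVE-2026-23666", "CVE-2026-33115", "CVE-2026-33825"],
    "lab-02": [],
}

print(*patch_queue(SCAN), sep="\n")
```

Each row is `(tier, host, ordered CVEs)`, so the SharePoint host with the exploited flaw sorts ahead of hosts that are only missing Critical RCE fixes.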