Microsoft’s April 2026 Patch Tuesday: Addressing 169 Vulnerabilities Including a SharePoint Zero-Day
On April 14, 2026, Microsoft released its latest Patch Tuesday updates, addressing a record-breaking 169 security vulnerabilities across its product suite. This release marks the second-largest in the company’s history, following the October 2025 update that patched 183 flaws. ([thehackernews.com](https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html?utm_source=openai))
Breakdown of Vulnerabilities:
– Severity Levels:
– 8 Critical
– 157 Important
– 3 Moderate
– 1 Low
– Types of Vulnerabilities:
– 93 Elevation of Privilege
– 21 Information Disclosure
– 21 Remote Code Execution
– 14 Security Feature Bypass
– 10 Spoofing
– 9 Denial of Service
Notably, this update also includes fixes for four non-Microsoft issued Common Vulnerabilities and Exposures (CVEs) affecting AMD, Node.js, Windows Secure Boot, and Git for Windows. ([thehackernews.com](https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html?utm_source=openai))
Actively Exploited SharePoint Zero-Day:
Among the vulnerabilities, CVE-2026-32201 stands out as it has been actively exploited in the wild. This spoofing vulnerability in Microsoft SharePoint Server arises from improper input validation, allowing unauthenticated attackers to perform network-based spoofing attacks. Successful exploitation could grant attackers access to sensitive information and the ability to modify data, though system availability remains unaffected. ([thehackernews.com](https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html?utm_source=openai))
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-32201 to its Known Exploited Vulnerabilities catalog, mandating federal agencies to remediate the issue by April 28, 2026. ([thehackernews.com](https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html?utm_source=openai))
Publicly Disclosed Microsoft Defender Vulnerability:
Another significant vulnerability addressed is CVE-2026-33825, a privilege escalation flaw in Microsoft Defender. This issue allows authorized attackers to elevate privileges locally due to inadequate granular access controls. Microsoft has indicated that no user action is required to install the update for this vulnerability, as the platform updates itself frequently by default. ([thehackernews.com](https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html?utm_source=openai))
Additional Noteworthy Vulnerabilities:
– Windows Internet Key Exchange (IKE) Service Extensions RCE (CVE-2026-33824): A critical remote code execution vulnerability in Windows IKE Service, with a CVSS score of 9.8. ([intruceptlabs.com](https://intruceptlabs.com/2026/04/microsoft-april-2026-patch-tuesday-fixes-165-flaws-including-2-zero-days/?utm_source=openai))
– Windows TCP/IP Remote Code Execution (Wormable via IPv6) (CVE-2026-33827): Another critical RCE vulnerability in the Windows TCP/IP stack, also with a CVSS score of 9.8. ([intruceptlabs.com](https://intruceptlabs.com/2026/04/microsoft-april-2026-patch-tuesday-fixes-165-flaws-including-2-zero-days/?utm_source=openai))
Implications and Recommendations:
The sheer volume and severity of the vulnerabilities addressed in this update underscore the critical importance of timely patching. Organizations are urged to prioritize the deployment of these updates, especially for systems running Microsoft SharePoint Server and Microsoft Defender, to mitigate potential exploitation risks.
Given the active exploitation of CVE-2026-32201 and its inclusion in CISA’s Known Exploited Vulnerabilities catalog, immediate attention to this patch is paramount. Additionally, while the Microsoft Defender vulnerability (CVE-2026-33825) is addressed through automatic updates, organizations should verify that their systems have received the necessary patches.
In conclusion, Microsoft’s April 2026 Patch Tuesday serves as a stark reminder of the ever-evolving threat landscape and the necessity for organizations to maintain vigilant and proactive cybersecurity practices.
