Microsoft Addresses Active Zero-Day Vulnerabilities in SharePoint and Defender

Severity: High (Score: 75.8)

Sources: Gbhackers, Cybersecuritynews, Infosecurity-Magazine

Summary

On April 14, 2026, Microsoft released critical patches for two zero-day vulnerabilities: CVE-2026-32201 and CVE-2026-33825. CVE-2026-32201 is a server spoofing vulnerability in SharePoint that is actively being exploited, allowing unauthenticated attackers to manipulate user trust through network-based spoofing. This flaw poses a significant risk as it can facilitate phishing and social engineering attacks. The second vulnerability, CVE-2026-33825, is an elevation of privilege issue in Microsoft Defender, which could allow attackers to gain system-level access. Both vulnerabilities were disclosed as part of Microsoft's monthly Patch Tuesday update, which included a total of 93 CVEs. System administrators are urged to apply the patches immediately to mitigate risks. The vulnerabilities affect multiple versions of SharePoint Server and the Microsoft Defender Antimalware Platform, highlighting the urgent need for updates in enterprise environments.

Key Points:

  • CVE-2026-32201 is actively exploited, allowing spoofing attacks in SharePoint.
  • CVE-2026-33825 enables elevation of privilege in Microsoft Defender, risking system access.
  • Microsoft urges immediate patching to protect against these critical vulnerabilities.

Key Entities

  • Phishing (attack_type)
  • Zero-day Exploit (attack_type)
  • CVE-2026-32201 (cve)
  • CVE-2026-33824 (cve)
  • CVE-2026-33825 (cve)
  • T1021 - Remote Services (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • T1562.001 - Disable Or Modify Tools (mitre_attack)
  • Microsoft Defender (platform)
  • SharePoint (platform)
  • SharePoint Server (platform)
  • Windows (platform)