Microsoft Patch Tuesday April 2026: 167 Vulnerabilities Fixed, Two Active Zero-Days

Severity: High (Score: 72.9)

Sources: msrc.microsoft.com, Infosecurity-Magazine, Securityaffairs.Co, Thecyberexpress, Petri

Summary

On April 14, 2026, Microsoft released patches for 167 vulnerabilities, including two zero-day flaws. CVE-2026-32201, a spoofing vulnerability in SharePoint Server, is actively exploited in the wild, allowing attackers to manipulate information presented to users. The second zero-day, CVE-2026-33825, affects Microsoft Defender and allows for elevation of privileges to SYSTEM level. Microsoft has rated 19 of the vulnerabilities as likely to be exploited soon, indicating a significant risk. The majority of the patched vulnerabilities fall under the categories of elevation of privilege and remote code execution. This month’s update reflects a notable increase in vulnerability disclosures, attributed to advancements in AI-driven vulnerability discovery tools. Organizations are urged to apply the patches immediately to mitigate risks. The updates affect various Microsoft products, including Windows, Office, and SharePoint.

Key Points

  • Microsoft patched 167 vulnerabilities, including two critical zero-days.
  • CVE-2026-32201 is actively exploited, allowing spoofing attacks in SharePoint.
  • CVE-2026-33825 enables elevation of privileges in Microsoft Defender.

Key Entities

  • DDoS (attack_type)
  • Denial of Service (attack_type)
  • Phishing (attack_type)
  • Remote Code Execution (attack_type)
  • Zero-day Exploit (attack_type)
  • Microsoft (company)
  • Azure (company)
  • CVE-2023-20585 (cve)
  • CVE-2026-0390 (cve)
  • CVE-2026-20945 (cve)
  • CVE-2026-21637 (cve)
  • CVE-2026-23666 (cve)
  • onmsft.com (domain)
  • T1021.001 - Remote Desktop Protocol (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • Active Directory (platform)
  • Adobe Acrobat Reader (platform)
  • Adobe Reader (platform)
  • BitLocker (platform)
  • Chromium (platform)
  • Google Chrome (tool)
  • Remote Desktop (tool)
  • PowerShell (tool)
  • BlueHammer (vulnerability)
  • Microsoft Defender Elevation Of Privilege Vulnerability (vulnerability)
  • Microsoft SharePoint Server Spoofing Vulnerability (vulnerability)