Microsoft Patch Tuesday April 2026: 167 Vulnerabilities, Including Active Exploits

Severity: High (Score: 72.8)

Sources: Rapid7, Feeds.Feedburner, Crn, msrc.microsoft.com, Securitybrief

Summary

On April 14, 2026, Microsoft released patches for 167 vulnerabilities, including two zero-days. CVE-2026-32201, a spoofing vulnerability in SharePoint, is actively exploited, while CVE-2026-33825, affecting Microsoft Defender, is publicly disclosed but not yet exploited. The majority of the patched vulnerabilities (over 60%) are elevation-of-privilege bugs. This month marks a significant spike in vulnerability disclosures, attributed to advancements in AI-driven vulnerability discovery tools. Microsoft noted that 19 of the vulnerabilities are likely to see future exploitation. The sheer volume of vulnerabilities is unprecedented, with 80 browser vulnerabilities patched separately. Organizations using Microsoft Defender are automatically protected against CVE-2026-33825, while SharePoint admins are urged to address CVE-2026-32201 immediately. The increase in reported vulnerabilities reflects a broader trend of AI's impact on cybersecurity. Key Points: • Microsoft patched 167 vulnerabilities, including two zero-days. • CVE-2026-32201 is actively exploited, posing a significant risk. • AI advancements are driving a surge in vulnerability discoveries.

Key Entities

• Zero-day Exploit (attack_type)
• Microsoft (company)
• CVE-2023-20585 (cve)
• CVE-2026-21637 (cve)
• CVE-2026-25250 (cve)
• CVE-2026-26151 (cve)
• CVE-2026-26169 (cve)
• Active Directory (platform)
• Adobe Reader (platform)
• Chromium (platform)
• Microsoft Edge (platform)
• Microsoft Office (platform)
• Google Chrome (tool)
• PowerShell (tool)
• BlueHammer (vulnerability)