Microsoft April patches
Microsoft's April patch cycle fixed a SharePoint zero‑day that was being actively exploited and a Defender zero‑day that enabled privilege escalation, while CISA flagged a Windows Task Host issue as exploited in the wild. The fixes affect enterprise services that many Apple engineering teams still rely on for collaboration and build infrastructure. (thehackernews.com) (bleepingcomputer.com)
Microsoft’s April security updates closed an actively exploited SharePoint flaw and a Microsoft Defender bug that could hand attackers full system control. (thehackernews.com)

Microsoft released the fixes on April 14 as part of its monthly Patch Tuesday cycle. Security firms and trade press counted between 163 and 169 vulnerabilities across the release, depending on whether they included Microsoft Edge and other separately tracked items. (tenable.com) (bleepingcomputer.com) (thehackernews.com)

The SharePoint bug, CVE-2026-32201, is a spoofing vulnerability in on-premises SharePoint Server that Microsoft and outside researchers said was already being exploited in the wild. Microsoft’s support bulletin for SharePoint Server Subscription Edition says the April 14 update resolves that issue in build 16.0.19725.20210. (thehackernews.com) (support.microsoft.com)

The second zero-day, CVE-2026-33825, affects Microsoft Defender and is an elevation-of-privilege flaw. Tenable and other researchers said a local attacker could abuse Defender’s signature update process to gain SYSTEM privileges, the highest level of control on a Windows machine. (tenable.com) (fieldeffect.com)

A zero-day is a security hole that defenders are patching after attackers or researchers have already found it. In this case, the SharePoint flaw hit a collaboration server used inside companies, while the Defender flaw hit the security software meant to protect those same Windows systems. (thehackernews.com) (tenable.com)

The federal government’s cyber agency added a separate Windows flaw, CVE-2025-60710 in Task Host, to its Known Exploited Vulnerabilities catalog this week. The Cybersecurity and Infrastructure Security Agency said U.S. civilian agencies must patch by April 28 under Binding Operational Directive 22-01. (bleepingcomputer.com) (cisa.gov)

Task Host is a built-in Windows process that helps run background jobs and shut programs down cleanly. The CVE-2025-60710 bug is a privilege-escalation issue, which means an attacker who already has a foothold can use it to climb from ordinary user access to SYSTEM access. (bleepingcomputer.com) (nvd.nist.gov)

The April release was one of Microsoft’s largest patch bundles in recent years. SecurityWeek called it the company’s second-largest Patch Tuesday by vulnerability count, and Redmondmag said Microsoft shipped fixes for 163 new Common Vulnerabilities and Exposures entries, including three zero-days and eight critical flaws. (securityweek.com) (redmondmag.com)

For companies running SharePoint Server on their own networks, the immediate work is straightforward: install the April 14 updates, review Defender platform versions, and treat the Task Host warning as a sign that attackers are still chaining old Windows privilege bugs after initial access. (support.microsoft.com) (bleepingcomputer.com) (tenable.com)
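
One way to verify the first two items in that checklist on a server, as an added example that is not taken from Microsoft or the cited sources. The function name Test-SharePointBuild and the sample build at the end are constructed for illustration; the fixed build is the one the article gives for SharePoint Server Subscription Edition, and the article states no fixed Defender version, so the Defender values are only reported for review.

```powershell
# Added example: post-patch check for the SharePoint and Defender items above.
# Fixed build as stated in the article. It applies to SharePoint Server
# Subscription Edition only; other editions have their own fixed builds,
# which the article does not list.
$FixedSpseBuild = [version]'16.0.19725.20210'

function Test-SharePointBuild {
    # Hypothetical helper: compares an installed farm build with the fixed build.
    param(
        [Parameter(Mandatory)][version]$InstalledBuild,
        [version]$FixedBuild = $FixedSpseBuild
    )
    # [version] compares Major.Minor.Build.Revision numerically, not as text,
    # so 16.0.9999.1 correctly sorts below 16.0.19725.20210.
    [pscustomobject]@{
        InstalledBuild = $InstalledBuild
        FixedBuild     = $FixedBuild
        Patched        = ($InstalledBuild -ge $FixedBuild)
    }
}

# SharePoint: Get-SPFarm exists only where the SharePoint cmdlets are loaded.
if (Get-Command Get-SPFarm -ErrorAction SilentlyContinue) {
    # The farm build is updated once the configuration wizard has run after
    # the update is installed, so an unpatched result can also mean that the
    # wizard step is still pending.
    Test-SharePointBuild -InstalledBuild (Get-SPFarm).BuildVersion
} else {
    Write-Warning 'Get-SPFarm not found; run this in the SharePoint Management Shell on a farm server.'
}

# Defender: list platform, engine and signature versions for manual review.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AMProductVersion, AMEngineVersion,
                      AntivirusSignatureVersion, AntivirusSignatureLastUpdated
}

# Constructed sample input: a build older than the fixed one reports Patched = False.
Test-SharePointBuild -InstalledBuild '16.0.19127.20100'
```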