Microsoft large Patch Tuesday

Microsoft pushed one of its biggest monthly security updates on April 14, fixing an actively exploited SharePoint flaw alongside more than 160 other vulnerabilities. (msrc.microsoft.com) (tenable.com) The flaw under attack is CVE-2026-32201, a Microsoft SharePoint Server spoofing bug that Microsoft says comes from improper input validation. Security researchers and trade outlets said attackers could use it to make malicious content appear trustworthy inside SharePoint and, in some cases, access or alter exposed information. (securityweek.com) (thehackernews.com) SharePoint is Microsoft’s document and intranet platform, used by companies and government agencies to store files, publish internal pages, and share records across teams. A spoofing bug in that system is closer to a forged badge than a broken lock: it can make users trust content or interfaces that are not what they seem. (securityweek.com) (krebsonsecurity.com) The Cybersecurity and Infrastructure Security Agency added CVE-2026-32201 to its Known Exploited Vulnerabilities catalog, the federal list for bugs already used in real attacks. Under Binding Operational Directive 22-01, civilian federal agencies must fix cataloged flaws on CISA’s timetable, and reports on April 15 said the SharePoint deadline was April 28, 2026. (cisa.gov 1) (cisa.gov 2) (thehackernews.com) The size of the release depends on how trackers count bundled items and non-Microsoft entries, but the range was unusually high across the board. Tenable counted 163 Microsoft Common Vulnerabilities and Exposures entries, SecurityWeek reported 165 fixes, and other trackers put the total at 167 to 169. (tenable.com) (securityweek.com) (thehackernews.com) Tenable said eight of the patched flaws were rated critical, 154 important, and one moderate in its count. Security researchers also flagged a second zero-day, CVE-2026-33825 in Microsoft Defender, because Microsoft said that privilege-escalation bug had been publicly disclosed before patches shipped. (tenable.com) (securityweek.com) SecurityWeek reported that 19 of the remaining April vulnerabilities carried Microsoft’s “exploitation more likely” assessment, including bugs in Windows components such as Boot Loader, Active Directory, Remote Desktop, BitLocker, Transmission Control Protocol and Internet Protocol, and the Common Log File System driver. Those are the parts of Windows that handle startup, identity, remote access, disk encryption, networking, and system logging. (securityweek.com) Researchers said the April release was Microsoft’s second-largest Patch Tuesday by Common Vulnerabilities and Exposures count, trailing the October 2025 cycle. That leaves defenders with the same immediate task as the opening headline: patch SharePoint first, then work through a month’s worth of Windows and Microsoft product fixes behind it. (tenable.com) (securityweek.com)