Huge Microsoft patch batch
Microsoft released an unusually large April patch bundle that fixed 167 flaws, including two zero‑days and at least one SharePoint vulnerability being actively exploited. Security outlets called it one of Microsoft's largest monthly batches and warned several flaws were under active attack, which could stress validation and rollback processes. (bleepingcomputer.com)
Microsoft’s April 14 patch release fixed 167 security flaws, including an actively exploited SharePoint bug and a zero-day in Microsoft Defender. (bleepingcomputer.com)

Microsoft said eight of the flaws were rated Critical, including seven remote code execution bugs, the kind that can let an attacker run code from afar. BleepingComputer counted 93 elevation-of-privilege bugs, 20 remote code execution bugs, 21 information disclosure bugs, 10 denial-of-service bugs, 13 security feature bypass bugs, and 9 spoofing bugs. (bleepingcomputer.com)

The exploited zero-day is CVE-2026-32201, a Microsoft SharePoint Server spoofing flaw. Microsoft said improper input validation in SharePoint let an unauthorized attacker perform spoofing over a network, with impact to confidentiality and integrity but not availability. (bleepingcomputer.com)

The second zero-day is CVE-2026-33825, an elevation-of-privilege flaw in Microsoft Defender that can grant SYSTEM privileges on a machine. Microsoft addressed it in Microsoft Defender Antimalware Platform version 4.18.26050.3011, which the company said should download automatically. (bleepingcomputer.com)

Patch Tuesday is Microsoft’s monthly security release day, when companies test and deploy fixes across Windows, Office, SharePoint, and other products. Rapid7 said Microsoft rated 19 of this month’s vulnerabilities as more likely to be exploited in the future, which gives defenders a longer triage list than usual. (rapid7.com)

Security researchers said the size of the batch stands out even by Patch Tuesday standards. Satnam Narang of Tenable told KrebsOnSecurity that April 2026 was Microsoft’s second-biggest Patch Tuesday ever, just behind October 2025. (krebsonsecurity.com)

Rapid7 said SharePoint administrators should start with CVE-2026-32201 because Microsoft confirmed exploitation in the wild. The firm also noted that attackers often chain lower-scoring bugs together, which can make a spoofing flaw more dangerous than its score suggests on its own. (rapid7.com)

The SharePoint timing is tight for some organizations because SharePoint Server 2016 leaves extended support on July 14, 2026. Microsoft’s lifecycle page says that date ends security updates for the product, leaving lagging customers with less room for delay. (learn.microsoft.com)

Microsoft also released the related Windows updates on April 14, including Windows 11 packages KB5083769 and KB5082052 and the Windows 10 extended security update KB5082200. For security teams, that means the work now shifts from reading advisories to testing, deployment, and making sure emergency fixes do not break business systems. (bleepingcomputer.com)
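
A fleet check built from the Defender platform version and KB numbers reported above, as an added example that is not code from Microsoft or the cited outlets. The inventory format, host names, the placeholder KB0000000, and the rule that either Windows 11 KB satisfies a Windows 11 host are assumptions.

```python
import csv
import io

# Values from the article; the either-KB rule for Windows 11 is an assumption.
DEFENDER_FIXED = "4.18.26050.3011"  # platform version addressing CVE-2026-33825
OS_KBS = {"Windows 11": {"KB5083769", "KB5082052"}, "Windows 10": {"KB5082200"}}

# Constructed sample inventory: hosts, columns and ";" separator are hypothetical.
SAMPLE_INVENTORY = """\
host,os,defender_platform,installed_kbs
ws-001,Windows 11,4.18.26050.3011,KB5083769
ws-002,Windows 11,4.18.26050.900,KB5082052;KB0000000
ws-003,Windows 10,4.18.26050.3011,KB0000000
ws-004,Windows 10,,KB5082200
"""

def parse_version(text):
    """'4.18.26050.3011' -> (4, 18, 26050, 3011); None if missing or malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return {host: [findings]} for hosts that still need attention."""
    fixed = parse_version(DEFENDER_FIXED)
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        # Compare numerically: as strings, "4.18.26050.900" sorts after the fix.
        version = parse_version(row["defender_platform"])
        if version is None:
            issues.append("Defender platform version unknown")
        elif version < fixed:
            issues.append("Defender platform below " + DEFENDER_FIXED)
        installed = {kb.strip() for kb in row["installed_kbs"].split(";") if kb.strip()}
        expected = OS_KBS.get(row["os"])
        if expected is None:
            issues.append("no April KB known for this OS")
        elif not expected & installed:
            issues.append("missing " + " or ".join(sorted(expected)))
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(issues))
```

Later cumulative updates supersede the April packages, so extend `OS_KBS` with newer KB numbers when reusing the check after the next release.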