Microsoft April Patch Batch

Microsoft released its April Patch Tuesday addressing 163 CVEs, including two zero‑days and one flaw that had already been exploited in the wild. Eight of the fixes were rated critical and 154 important, underscoring a large, single‑month remediation set. (securityboulevard.com)

Microsoft pushed one of its biggest monthly security update batches on April 14, fixing 163 Microsoft-tracked vulnerabilities, including an actively exploited SharePoint flaw. (tenable.com) Patch Tuesday is Microsoft’s once-a-month security release, when the company ships fixes for bugs across Windows, Office, servers, and developer tools. This April batch covered Windows, Microsoft Office SharePoint, Microsoft Defender, SQL Server, Hyper-V, Azure, .NET, and Visual Studio. (zerodayinitiative.com)

Tenable counted 163 Microsoft Common Vulnerabilities and Exposures, or CVEs, with eight rated critical, 154 rated important, and one rated moderate. Rapid7 counted 167 because it included additional items Microsoft published outside Tenable’s tally. (tenable.com) (rapid7.com)

The most urgent fix was CVE-2026-32201, a Microsoft SharePoint Server spoofing bug that Microsoft and the Cybersecurity and Infrastructure Security Agency said had already been exploited in the wild. The National Vulnerability Database said the flaw lets an unauthorized attacker exploit improper input validation over a network. (cisa.gov) (nvd.nist.gov) CISA added CVE-2026-32201 to its Known Exploited Vulnerabilities catalog on April 14 and gave federal civilian agencies until April 28 to apply mitigations, follow vendor guidance for cloud services, or stop using the product if no mitigation is available. The affected SharePoint versions listed by the National Vulnerability Database include SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. (cisa.gov) (nvd.nist.gov)

The second zero-day was CVE-2026-33825, a Microsoft Defender elevation-of-privilege flaw that Microsoft said had been publicly disclosed before the patch. Rapid7 said successful exploitation could give an attacker SYSTEM privileges, but Defender’s antimalware platform usually updates automatically. (rapid7.com) (msrc.microsoft.com)

Several of the critical bugs were remote code execution flaws, the kind that can let an attacker run malicious code from across a network. CrowdStrike highlighted CVE-2026-33826 in Windows Active Directory, while the Zero Day Initiative singled out CVE-2026-33827 in Windows Transmission Control Protocol and Internet Protocol, or TCP/IP, as “wormable” on systems with Internet Protocol version 6 and Internet Protocol Security enabled. (crowdstrike.com) (zerodayinitiative.com)

This was Microsoft’s second-largest Patch Tuesday by several researchers’ counts, behind October 2025. Tenable, Rapid7, and the Zero Day Initiative all described April’s release as unusually large for a single month. (tenable.com) (rapid7.com) (zerodayinitiative.com) The split in the counts is a reminder that Patch Tuesday totals depend on what each tracker includes, but the operational message is the same: SharePoint administrators need to move first, and Windows teams have a long patch queue behind them. (tenable.com) (rapid7.com)
