Massive April Patch Tuesday
Microsoft’s April 2026 Patch Tuesday fixed roughly 167 vulnerabilities, including two zero‑day flaws, making it one of the company's largest monthly security updates on record. Security vendors like Cisco Talos also published detection rules and guidance tied to the rollout. (bleepingcomputer.com, blog.talosintelligence.com)
Microsoft pushed one of its biggest monthly security rollouts on April 14, fixing 167 vulnerabilities across Windows, Office, SharePoint, Defender, and other products. (msrc.microsoft.com, bleepingcomputer.com) Two of those flaws stood out: one Microsoft said attackers were already exploiting, and one that had been publicly disclosed before patches shipped. Rapid7 said the exploited bug was a SharePoint spoofing flaw tracked as CVE-2026-32201. (bleepingcomputer.com, rapid7.com)
Patch Tuesday is Microsoft’s regular second-Tuesday security release, when the company bundles fixes so corporate technology teams can test and deploy them on a set schedule. April 2026 landed on Tuesday, April 14, and the update count put it near the top end of Microsoft’s monthly totals. (msrc.microsoft.com, bleepingcomputer.com)
The raw totals vary slightly depending on what each tracker counts. BleepingComputer and Rapid7 counted 167 Microsoft vulnerabilities, while Cisco Talos counted 165 and Tenable counted 163 because some tallies exclude Edge fixes or count advisories differently. (bleepingcomputer.com, rapid7.com, blog.talosintelligence.com, tenable.com)
Several of the highest-risk bugs could let attackers run code from across a network, which means sending malicious traffic or files to trigger software to execute the attacker’s instructions. Cisco Talos highlighted critical issues in Windows Internet Key Exchange version 2, Microsoft Office Word, and the .NET framework. (blog.talosintelligence.com)
Microsoft also published the Windows updates that carry the fixes into supported desktop systems. BleepingComputer reported Windows 11 received cumulative updates KB5083769 and KB5082052, while Windows 10 received extended security update KB5082200. (bleepingcomputer.com, bleepingcomputer.com)
Security vendors moved alongside Microsoft with detection guidance for defenders who cannot patch every system immediately. Cisco Talos published new Snort intrusion-detection rules tied to the April disclosures and called out the Microsoft Defender elevation-of-privilege flaw CVE-2026-33825 among the notable items. (blog.talosintelligence.com)
The immediate job for companies is triage: internet-facing SharePoint servers first, then systems exposed to remote code execution paths, then the broader Windows and Office estate. That order matches the mix of active exploitation, public disclosure, and critical remote attack surface described by Microsoft and outside researchers. (msrc.microsoft.com, rapid7.com, blog.talosintelligence.com)