Microsoft’s April 2026 “Patch Tuesday” security updates have addressed more than 160 vulnerabilities, including two zero-day flaws that have been observed to be exploited in real-world attacks.
According to available information, one of the actively exploited vulnerabilities is tracked as CVE-2026-32201 and has been identified as a spoofing issue in the Microsoft SharePoint Server platform.
Microsoft stated that improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. A successful exploitation of this vulnerability could enable the attacker to access sensitive information and alter it.
Notably, following an assessment, the CVE-2026-32201 vulnerability has already been included in the Known Exploited Vulnerabilities (KEV) catalog and government institutions have been instructed to remediate the issue by April 28.
Furthermore, another vulnerability patched in the current update, tracked as CVE-2026-33825, is related to privilege escalation in Microsoft Defender. It has been reported that this vulnerability was publicly disclosed prior to the release of patches and successful exploitation could allow an attacker to obtain SYSTEM-level privileges.
In addition, the security updates have resolved multiple vulnerabilities across various categories, including remote code execution, elevation of privilege and information disclosure.
Experts note that, in terms of volume, this update package is among the most significant in recent times, approaching the record set in October 2025.
Users and organizations are strongly advised to apply updates without delay, particularly for Microsoft Office applications and SharePoint environments, as some vulnerabilities can be exploited simply by opening a malicious document or through the preview pane.
17 April 2026
13 April 2026
10 April 2026
09 April 2026
08 April 2026
06 April 2026
03 April 2026
02 April 2026
© 2011-2026 All rights reserved
