Microsoft April 2026 Patch Tuesday Fixes 160+ Vulnerabilities, Including 2 Zero-Day Flaws - LinkedIn

Microsoft has released its latest monthly security update as part of the widely anticipated “Patch Tuesday” cycle, addressing a total of 167 vulnerabilities across its software ecosystem. Among these are two zero-day flaws, one of which has already been actively exploited in real-world attacks—raising immediate concerns among cybersecurity professionals and enterprise administrators. The April release underscores the continuing scale and complexity of modern software threats, with vulnerabilities spanning critical systems such as Windows, Microsoft Office, Defender, and SharePoint Server. Critical Vulnerabilities and Risk Landscape Of the 167 flaws resolved this month, Microsoft has classified eight as “Critical”, the highest severity rating used by the company. These include: 7 Remote Code Execution (RCE) vulnerabilities 1 Denial of Service (DoS) vulnerability Remote code execution flaws are particularly dangerous, as they can allow attackers to run malicious code on a victim’s system without authorization—potentially leading to full system compromise. Continued prevalence of RCE vulnerabilities highlights persistent weaknesses in how software handles external input and memory management. Full Breakdown of Vulnerabilities The vulnerabilities addressed in April fall into several categories: 9 Spoofing vulnerabilities 10 Denial of Service vulnerabilities 13 Security Feature Bypass vulnerabilities 20 Remote Code Execution (RCE) vulnerabilities 21 Information Disclosure vulnerabilities 93 Elevation of Privilege (EoP) vulnerabilities Elevation of Privilege issues make up the majority of flaws this month, reflecting a trend where attackers increasingly focus on gaining higher-level access after initial entry into systems. 🔥 Achieve elite-level; MTTR to stop business risks early with live threat intel from 15K SOCs | Integrate actionable TI Feeds Critical RCE Vulnerabilities Patched Among the eight vulnerabilities rated Critical, all but one involve Remote Code Execution (RCE), highlighting the seriousness of this month’s update. The affected vulnerabilities include: CVE-2026-33827 – Windows TCP/IP Remote Code Execution Vulnerability CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions RCE CVE-2026-33115 & CVE-2026-33114 – Microsoft Word Remote Code Execution Vulnerabilities (two distinct issues) CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability CVE-2026-23666 – .NET Framework Denial of Service Vulnerability (the only Critical issue not related to RCE) Two Zero-Day Vulnerabilities Raise Alarm A key focus of this month’s release is the patching of two zero-day vulnerabilities—security flaws that were either publicly disclosed or actively exploited before fixes were made available. Actively Exploited: SharePoint Server Spoofing Flaw The most urgent issue addressed is: CVE-2026-32201 – Microsoft SharePoint Server Spoofing Vulnerability According to Microsoft, this vulnerability stems from improper input validation in SharePoint, which could allow an attacker to impersonate trusted entities over a network. Successful exploitation could enable attackers to: Access sensitive information Modify data integrity Conduct targeted spoofing attacks However, Microsoft noted that the flaw does not impact system availability, meaning attackers cannot directly disrupt services through this vulnerability. The company has confirmed that the flaw was actively exploited in the wild, though it has not disclosed details about the attack methods, affected organizations, or threat actors involved. Cybersecurity analysts warn that SharePoint remains a high-value target due to its widespread use in enterprise environments for document management and internal collaboration. Publicly Disclosed: Microsoft Defender Privilege Escalation The second zero-day addressed is: CVE-2026-33825 – Microsoft Defender Elevation of Privilege Vulnerability This flaw allows attackers to escalate privileges to SYSTEM level, the highest level of access in Windows environments. Microsoft has resolved the issue through an update to the Defender Antimalware Platform: Version: 4.18.26050.3011 The update is being automatically distributed to systems, though users can manually check for updates via: Windows Security Virus & Threat Protection Protection Updates The vulnerability was discovered by Zen Dodd and Yuanpei Xu of HUST (Diffract team), highlighting the continued role of independent researchers in identifying critical security risks. Microsoft Office Vulnerabilities Pose Ongoing Threat In addition to the zero-days, Microsoft has patched several remote code execution vulnerabilities in Microsoft Office, particularly affecting: Word Excel These flaws are especially concerning because they can be triggered through: Opening malicious documents Using the preview pane, requiring little to no user interaction Security professionals emphasize that such attack vectors are commonly used in phishing campaigns, where victims unknowingly open weaponized attachments. Broader Security Implications The April Patch Tuesday release reflects several broader trends in cybersecurity: Increasing exploitation of collaboration platforms like SharePoint Continued reliance on phishing and document-based attacks Growing importance of endpoint security tools like Defender Experts warn that organizations delaying patch deployment remain at significant risk—especially when zero-day vulnerabilities are involved. Urgent Recommendations for Users and Organizations Security teams are strongly advising immediate action: Apply all April Patch Tuesday updates without delay Prioritize systems running SharePoint Server Ensure Microsoft Defender is updated to the latest version Exercise caution when opening email attachments Disable preview pane for untrusted documents where possible Conclusion Microsoft’s April 2026 Patch Tuesday serves as a stark reminder of the evolving threat landscape, with active exploitation of zero-day vulnerabilities continuing to pose serious risks. With 167 flaws addressed—many of them high severity—timely patching remains one of the most critical defenses against cyberattacks in both enterprise and consumer environments. Discern Security just launched AI Agents | A Proactive Security Platform 👇🏻 Use the Link below to access the platform Access HERE