Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day

Home Cyber Security Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited... Microsoft has released its April 2026 Patch Tuesday security update, addressing 168 vulnerabilities across its product portfolio, including one actively exploited zero-day and one publicly disclosed flaw that organizations must prioritize immediately. Zero-Day Under Active Exploitation The most critical issue in this month’s release is CVE-2026-32201, a Microsoft SharePoint Server Spoofing Vulnerability currently being actively exploited in the wild. Rated Important, this flaw allows attackers to conduct spoofing attacks against SharePoint environments, posing a significant risk to enterprises relying on SharePoint for document management and collaboration. Security teams are urged to apply the patch immediately, as exploitation has already been confirmed. Additionally, CVE-2026-33825, a Microsoft Defender Elevation of Privilege Vulnerability, was publicly disclosed before this patch cycle. While no active exploitation has been reported, the public availability of information about this flaw increases the likelihood of imminent abuse, making it a high-priority remediation target. Of the 168 vulnerabilities patched this month, the distribution by attack type is as follows: Impact Count Elevation of Privilege 93 Information Disclosure 21 Remote Code Execution 20 Security Feature Bypass 13 Denial of Service 10 Spoofing 8 Tampering 2 Defense in Depth 1 Total 168 Critical RCE Vulnerabilities Patched Among the eight Critical-rated flaws, all but one are Remote Code Execution (RCE) vulnerabilities, underscoring the severity of this month’s release: CVE-2026-33827 – Windows TCP/IP Remote Code Execution Vulnerability CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions RCE CVE-2026-33115 & CVE-2026-33114 – Microsoft Word Remote Code Execution (two separate flaws) CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability CVE-2026-23666 – .NET Framework Denial of Service Vulnerability (Critical-rated) The Windows TCP/IP and Active Directory RCE flaws are particularly alarming because they can be exploited at the network level without user interaction in certain configurations. This month’s updates span a wide range of Microsoft products and services, including Windows Kernel (multiple EoP flaws), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code. The Windows UPnP Device Host component alone received multiple EoP patches, signaling focused hardening of Windows networking subsystems. Security and IT teams should take the following steps immediately: Prioritize CVE-2026-32201 (SharePoint) as an emergency patch given confirmed exploitation Address CVE-2026-33825 (Microsoft Defender) due to its public disclosure status Deploy all Critical-rated RCE patches, particularly for Windows TCP/IP, Active Directory, and Remote Desktop Client Review and patch .NET Framework and Office components to block local and document-based attack vectors Audit systems for WSUS and BitLocker bypass vulnerabilities (CVE-2026-32224, CVE-2026-27913), which could undermine update delivery and disk encryption integrity. CVE Impact Description CVE-2026-33829 Spoofing Windows Snipping Tool CVE-2026-33827 Remote Code Execution Windows TCP/IP CVE-2026-33826 Remote Code Execution Windows Active Directory CVE-2026-33825 Elevation of Privilege Microsoft Defender CVE-2026-33824 Remote Code Execution Windows IKE Extension CVE-2026-33822 Information Disclosure Microsoft Office Word CVE-2026-33120 Remote Code Execution SQL Server CVE-2026-33116 Denial of Service .NET, .NET Framework, Visual Studio CVE-2026-33115 Remote Code Execution Microsoft Office Word CVE-2026-33114 Remote Code Execution Microsoft Office Word CVE-2026-33104 Elevation of Privilege Windows Win32K – GRFX CVE-2026-33103 Information Disclosure Microsoft Dynamics 365 (on-premises) CVE-2026-33101 Elevation of Privilege Windows Print Spooler Components CVE-2026-33100 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-33099 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-33098 Elevation of Privilege Windows Container Isolation FS Filter Driver CVE-2026-33096 Denial of Service Windows HTTP.sys CVE-2026-33095 Remote Code Execution Microsoft Office Word CVE-2026-32226 Denial of Service .NET Framework CVE-2026-32225 Security Feature Bypass Windows Shell CVE-2026-32224 Elevation of Privilege Windows Server Update Service CVE-2026-32223 Elevation of Privilege Windows USB Print Driver CVE-2026-32222 Elevation of Privilege Windows Win32K – ICOMP CVE-2026-32221 Remote Code Execution Microsoft Graphics Component CVE-2026-32220 Security Feature Bypass Windows Virtualization-Based Security (VBS) Enclave CVE-2026-32219 Elevation of Privilege Microsoft Brokering File System CVE-2026-32218 Information Disclosure Windows Kernel CVE-2026-32217 Information Disclosure Windows Kernel CVE-2026-32216 Denial of Service Windows Redirected Drive Buffering CVE-2026-32215 Information Disclosure Windows Kernel CVE-2026-32214 Information Disclosure Universal Plug and Play (upnp.dll) CVE-2026-32212 Information Disclosure Universal Plug and Play (upnp.dll) CVE-2026-32203 Denial of Service .NET and Visual Studio CVE-2026-32202 Spoofing Windows Shell CVE-2026-32201 Spoofing Microsoft Office SharePoint CVE-2026-32200 Remote Code Execution Microsoft Office PowerPoint CVE-2026-32199 Remote Code Execution Microsoft Office Excel CVE-2026-32198 Remote Code Execution Microsoft Office Excel CVE-2026-32197 Remote Code Execution Microsoft Office Excel CVE-2026-32196 Spoofing Windows Admin Center CVE-2026-32195 Elevation of Privilege Windows Kernel CVE-2026-32192 Elevation of Privilege Azure Monitor Agent CVE-2026-32190 Remote Code Execution Microsoft Office CVE-2026-32189 Remote Code Execution Microsoft Office Excel CVE-2026-32188 Information Disclosure Microsoft Office Excel CVE-2026-32187 Defense in Depth Microsoft Edge (Chromium-based) CVE-2026-32184 Elevation of Privilege Microsoft High Performance Compute Pack (HPC) CVE-2026-32183 Remote Code Execution Windows Snipping Tool CVE-2026-32181 Denial of Service Microsoft Windows CVE-2026-32178 Spoofing .NET CVE-2026-32176 Elevation of Privilege SQL Server CVE-2026-32171 Elevation of Privilege Azure Logic Apps CVE-2026-32168 Elevation of Privilege Azure Monitor Agent CVE-2026-32167 Elevation of Privilege SQL Server CVE-2026-32165 Elevation of Privilege Windows User Interface Core CVE-2026-32164 Elevation of Privilege Windows User Interface Core CVE-2026-32163 Elevation of Privilege Windows User Interface Core CVE-2026-32162 Elevation of Privilege Windows COM CVE-2026-32160 Elevation of Privilege Windows Push Notifications CVE-2026-32159 Elevation of Privilege Windows Push Notifications CVE-2026-32158 Elevation of Privilege Windows Push Notifications CVE-2026-32157 Remote Code Execution Remote Desktop Client CVE-2026-32156 Remote Code Execution Windows Universal Plug and Play (UPnP) Device Host CVE-2026-32155 Elevation of Privilege Desktop Window Manager CVE-2026-32154 Elevation of Privilege Desktop Window Manager CVE-2026-32153 Elevation of Privilege Microsoft Windows Speech CVE-2026-32152 Elevation of Privilege Desktop Window Manager CVE-2026-32151 Information Disclosure Windows Shell CVE-2026-32150 Elevation of Privilege Function Discovery Service (fdwsd.dll) CVE-2026-32149 Remote Code Execution Role: Windows Hyper-V CVE-2026-32093 Elevation of Privilege Function Discovery Service (fdwsd.dll) CVE-2026-32091 Elevation of Privilege Microsoft Brokering File System CVE-2026-32090 Elevation of Privilege Windows Speech Brokered Api CVE-2026-32089 Elevation of Privilege Windows Speech Brokered Api CVE-2026-32088 Security Feature Bypass Windows Biometric Service CVE-2026-32087 Elevation of Privilege Function Discovery Service (fdwsd.dll) CVE-2026-32086 Elevation of Privilege Function Discovery Service (fdwsd.dll) CVE-2026-32085 Information Disclosure Windows Remote Procedure Call CVE-2026-32084 Information Disclosure Windows File Explorer CVE-2026-32083 Elevation of Privilege Windows SSDP Service CVE-2026-32082 Elevation of Privilege Windows SSDP Service CVE-2026-32081 Information Disclosure Windows File Explorer CVE-2026-32080 Elevation of Privilege Windows WalletService CVE-2026-32079 Information Disclosure Windows File Explorer CVE-2026-32078 Elevation of Privilege Windows Projected File System CVE-2026-32077 Elevation of Privilege Windows Universal Plug and Play (UPnP) Device Host CVE-2026-32076 Elevation of Privilege Windows Storage Spaces Controller CVE-2026-32075 Elevation of Privilege Windows Universal Plug and Play (UPnP) Device Host CVE-2026-32074 Elevation of Privilege Windows Projected File System CVE-2026-32073 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-32072 Spoofing Windows Active Directory CVE-2026-32071 Denial of Service Windows Local Security Authority Subsystem Service (LSASS) CVE-2026-32070 Elevation of Privilege Windows Common Log File System Driver CVE-2026-32069 Elevation of Privilege Windows Projected File System CVE-2026-32068 Elevation of Privilege Windows SSDP Service CVE-2026-27931 Information Disclosure Windows GDI CVE-2026-27930 Information Disclosure Windows GDI CVE-2026-27929 Elevation of Privilege Windows LUAFV CVE-2026-27928 Security Feature Bypass Windows Hello CVE-2026-27927 Elevation of Privilege Windows Projected File System CVE-2026-27926 Elevation of Privilege Windows Cloud Files Mini Filter Driver CVE-2026-27925 Information Disclosure Windows Universal Plug and Play (UPnP) Device Host CVE-2026-27924 Elevation of Privilege Desktop Window Manager CVE-2026-27923 Elevation of Privilege Desktop Window Manager CVE-2026-27922 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-27921 Elevation of Privilege Windows TCP/IP CVE-2026-27920 Elevation of Privilege Windows Universal Plug and Play (UPnP) Device Host CVE-2026-27919 Elevation of Privilege Windows Universal Plug and Play (UPnP) Device Host CVE-2026-27918 Elevation of Privilege Windows Shell CVE-2026-27917 Elevation of Privilege Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) CVE-2026-27916 Elevation of Privilege Windows Universal Plug and Play (UPnP) Device Host CVE-2026-27915 Elevation of Privilege Windows Universal Plug and Play (UPnP) Device Host CVE-2026-27914 Elevation of Privilege Microsoft Management Console CVE-2026-27913 Security Feature Bypass Windows BitLocker CVE-2026-27912 Elevation of Privilege Windows Kerberos CVE-2026-27911 Elevation of Privilege Windows User Interface Core CVE-2026-27910 Elevation of Privilege Windows Installer CVE-2026-27909 Elevation of Privilege Microsoft Windows Search Component CVE-2026-27908 Elevation of Privilege Windows TDI Translation Driver (tdx.sys) CVE-2026-27907 Elevation of Privilege Windows Storage Spaces Controller CVE-2026-27906 Security Feature Bypass Windows Hello CVE-2026-26184 Elevation of Privilege Windows Projected File System CVE-2026-26183 Elevation of Privilege Windows RPC API CVE-2026-26182 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-26181 Elevation of Privilege Microsoft Brokering File System CVE-2026-26180 Elevation of Privilege Windows Kernel CVE-2026-26179 Elevation of Privilege Windows Kernel CVE-2026-26178 Elevation of Privilege Windows Advanced Rasterization Platform CVE-2026-26177 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-26176 Elevation of Privilege Windows Client Side Caching driver (csc.sys) CVE-2026-26175 Security Feature Bypass Windows Boot Manager CVE-2026-26174 Elevation of Privilege Windows Server Update Service CVE-2026-26173 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-26172 Elevation of Privilege Windows Push Notifications CVE-2026-26171 Denial of Service .NET CVE-2026-26170 Elevation of Privilege Microsoft PowerShell CVE-2026-26169 Information Disclosure Windows Kernel Memory CVE-2026-26168 Elevation of Privilege Windows Ancillary Function Driver for WinSock CVE-2026-26167 Elevation of Privilege Windows Push Notifications CVE-2026-26166 Elevation of Privilege Windows Shell CVE-2026-26165 Elevation of Privilege Windows Shell CVE-2026-26163 Elevation of Privilege Windows Kernel CVE-2026-26162 Elevation of Privilege Windows OLE CVE-2026-26161 Elevation of Privilege Windows Sensor Data Service CVE-2026-26160 Elevation of Privilege Windows Remote Desktop Licensing Service CVE-2026-26159 Elevation of Privilege Windows Remote Desktop Licensing Service CVE-2026-26156 Remote Code Execution Role: Windows Hyper-V CVE-2026-26155 Information Disclosure Windows Local Security Authority Subsystem Service (LSASS) CVE-2026-26154 Tampering Windows Server Update Service CVE-2026-26153 Elevation of Privilege Windows Encrypting File System (EFS) CVE-2026-26152 Elevation of Privilege Windows Cryptographic Services CVE-2026-26151 Spoofing Windows Remote Desktop CVE-2026-26149 Security Feature Bypass Microsoft Power Apps CVE-2026-26143 Security Feature Bypass Microsoft PowerShell CVE-2026-25184 Elevation of Privilege Applocker Filter Driver (applockerfltr.sys) CVE-2026-23670 Security Feature Bypass Windows Virtualization-Based Security (VBS) Enclave CVE-2026-23666 Denial of Service .NET Framework CVE-2026-23657 Remote Code Execution Microsoft Office Word CVE-2026-23653 Information Disclosure GitHub Copilot and Visual Studio Code CVE-2026-20945 Spoofing Microsoft Office SharePoint CVE-2026-20930 Elevation of Privilege Windows Management Services CVE-2026-20928 Security Feature Bypass Windows Recovery Environment Agent CVE-2026-20806 Information Disclosure Windows COM CVE-2026-0390 Security Feature Bypass Windows Boot Loader CVE-2026-32631 Information Disclosure GitHub Repo: Git for Windows CVE-2026-25250 Security Feature Bypass Windows Secure Boot CVE-2026-21637 Denial of Service Node.js CVE-2023-20585 Tampering Input-Output Memory Management Unit (IOMMU) Security teams should apply all April 2026 patches as soon as possible, with immediate priority on CVE-2026-32201. Other Patch Tuesday Updates: Ivanti Neurons for ITSM Vulnerabilities Allow Remote Attacker to Obtain User Sessions Critical FortiSandbox Vulnerabilities Allow Attackers to Execute Unauthorized Commands SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News Critical etcd Auth Bypass Flaw Allows Unauthorized Access to Sensitive Cluster APIs Cyber Security News Ivanti Neurons for ITSM Vulnerabilities Allow Remote Attacker to Obtain User Sessions Cyber Security News CISA Warns of Microsoft Exchange and Windows CLFS Vulnerabilities Exploited in Attacks Cyber Security News Critical ShowDoc RCE Vulnerability Active Exploited in the Wild Cyber Security News Synology SSL VPN Client Vulnerabilities Let Remote Attackers Access Sensitive Files