Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day

Microsoft has released its April 2026 Patch Tuesday security update, addressing 168 vulnerabilities across its product portfolio, including one actively exploited zero-day and one publicly disclosed flaw that organizations must prioritize immediately.

Zero-Day Under Active Exploitation

The most critical issue in this month’s release is CVE-2026-32201, a Microsoft SharePoint Server Spoofing Vulnerability currently being actively exploited in the wild.

Rated Important, this flaw allows attackers to conduct spoofing attacks against SharePoint environments, posing a significant risk to enterprises relying on SharePoint for document management and collaboration. Security teams are urged to apply the patch immediately, as exploitation has already been confirmed.

Additionally, CVE-2026-33825, a Microsoft Defender Elevation of Privilege Vulnerability, was publicly disclosed before this patch cycle. While no active exploitation has been reported, the public availability of information about this flaw increases the likelihood of imminent abuse, making it a high-priority remediation target.

Of the 168 vulnerabilities patched this month, the distribution by attack type is as follows:

Impact | Count
Elevation of Privilege | 93
Information Disclosure | 21
Remote Code Execution | 20
Security Feature Bypass | 13
Denial of Service | 10
Spoofing | 8
Tampering | 2
Defense in Depth | 1
Total | 168

Critical RCE Vulnerabilities Patched

Among the eight Critical-rated flaws, all but one are Remote Code Execution (RCE) vulnerabilities, underscoring the severity of this month’s release:

  • CVE-2026-33827 – Windows TCP/IP Remote Code Execution Vulnerability
  • CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability
  • CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions RCE
  • CVE-2026-33115 & CVE-2026-33114 – Microsoft Word Remote Code Execution (two separate flaws)
  • CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability
  • CVE-2026-23666 – .NET Framework Denial of Service Vulnerability (Critical-rated)

The Windows TCP/IP and Active Directory RCE flaws are particularly alarming because they can be exploited at the network level without user interaction in certain configurations.

This month’s updates span a wide range of Microsoft products and services, including Windows Kernel (multiple EoP flaws), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code.

The Windows UPnP Device Host component alone received multiple EoP patches, signaling focused hardening of Windows networking subsystems.

Security and IT teams should take the following steps immediately:

  • Prioritize CVE-2026-32201 (SharePoint) as an emergency patch given confirmed exploitation
  • Address CVE-2026-33825 (Microsoft Defender) due to its public disclosure status
  • Deploy all Critical-rated RCE patches, particularly for Windows TCP/IP, Active Directory, and Remote Desktop Client
  • Review and patch .NET Framework and Office components to block local and document-based attack vectors
  • Audit systems for WSUS and BitLocker bypass vulnerabilities (CVE-2026-32224, CVE-2026-27913), which could undermine update delivery and disk encryption integrity.
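
The triage order in the steps above, applied to a host inventory, as an added example (not code from the article or from Microsoft). The CVE IDs, components and flags come from this page; the host names and inventory are constructed, and the numeric tiers are an assumption that mirrors the order of the steps.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    impact: str
    critical: bool = False    # rated Critical in the article
    exploited: bool = False   # confirmed exploitation in the wild
    disclosed: bool = False   # publicly disclosed before the patch

# CVE IDs, components and flags as stated in the article.
ADVISORIES = [
    Advisory("CVE-2026-32201", "Microsoft Office SharePoint", "Spoofing", exploited=True),
    Advisory("CVE-2026-33825", "Microsoft Defender", "Elevation of Privilege", disclosed=True),
    Advisory("CVE-2026-33827", "Windows TCP/IP", "Remote Code Execution", critical=True),
    Advisory("CVE-2026-33826", "Windows Active Directory", "Remote Code Execution", critical=True),
    Advisory("CVE-2026-32157", "Remote Desktop Client", "Remote Code Execution", critical=True),
    Advisory("CVE-2026-23666", ".NET Framework", "Denial of Service", critical=True),
    Advisory("CVE-2026-32224", "Windows Server Update Service", "Elevation of Privilege"),
    Advisory("CVE-2026-27913", "Windows BitLocker", "Security Feature Bypass"),
]

# Constructed inventory (assumption): host -> components present on it.
INVENTORY = {
    "sp-farm-01": {"Microsoft Office SharePoint", "Microsoft Defender", "Windows TCP/IP", ".NET Framework"},
    "dc-01": {"Windows Active Directory", "Windows TCP/IP", "Microsoft Defender"},
    "wsus-01": {"Windows Server Update Service", "Windows TCP/IP"},
    "laptop-17": {"Remote Desktop Client", "Windows BitLocker", "Microsoft Defender"},
}

def tier(a):
    """Lower is more urgent; the order follows the article's step list."""
    if a.exploited:
        return 0
    if a.disclosed:
        return 1
    if a.critical:
        return 2 if a.impact == "Remote Code Execution" else 3
    return 4

def patch_queue(inventory, advisories):
    """Every (tier, host, cve) pair that applies, most urgent first."""
    rows = [(tier(a), host, a.cve)
            for host, comps in inventory.items()
            for a in advisories if a.component in comps]
    return sorted(rows)

def host_order(queue):
    """Hosts ranked by their most urgent applicable advisory."""
    best = {}
    for t, host, _ in queue:
        best.setdefault(host, t)  # queue is sorted, so first seen is lowest
    return sorted(best, key=lambda h: (best[h], h))
```

Calling `patch_queue(INVENTORY, ADVISORIES)` yields the per-host work list; `host_order` on that list gives the order in which to schedule maintenance windows.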

CVE | Impact | Description
CVE-2026-33829 | Spoofing | Windows Snipping Tool
CVE-2026-33827 | Remote Code Execution | Windows TCP/IP
CVE-2026-33826 | Remote Code Execution | Windows Active Directory
CVE-2026-33825 | Elevation of Privilege | Microsoft Defender
CVE-2026-33824 | Remote Code Execution | Windows IKE Extension
CVE-2026-33822 | Information Disclosure | Microsoft Office Word
CVE-2026-33120 | Remote Code Execution | SQL Server
CVE-2026-33116 | Denial of Service | .NET, .NET Framework, Visual Studio
CVE-2026-33115 | Remote Code Execution | Microsoft Office Word
CVE-2026-33114 | Remote Code Execution | Microsoft Office Word
CVE-2026-33104 | Elevation of Privilege | Windows Win32K – GRFX
CVE-2026-33103 | Information Disclosure | Microsoft Dynamics 365 (on-premises)
CVE-2026-33101 | Elevation of Privilege | Windows Print Spooler Components
CVE-2026-33100 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-33099 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-33098 | Elevation of Privilege | Windows Container Isolation FS Filter Driver
CVE-2026-33096 | Denial of Service | Windows HTTP.sys
CVE-2026-33095 | Remote Code Execution | Microsoft Office Word
CVE-2026-32226 | Denial of Service | .NET Framework
CVE-2026-32225 | Security Feature Bypass | Windows Shell
CVE-2026-32224 | Elevation of Privilege | Windows Server Update Service
CVE-2026-32223 | Elevation of Privilege | Windows USB Print Driver
CVE-2026-32222 | Elevation of Privilege | Windows Win32K – ICOMP
CVE-2026-32221 | Remote Code Execution | Microsoft Graphics Component
CVE-2026-32220 | Security Feature Bypass | Windows Virtualization-Based Security (VBS) Enclave
CVE-2026-32219 | Elevation of Privilege | Microsoft Brokering File System
CVE-2026-32218 | Information Disclosure | Windows Kernel
CVE-2026-32217 | Information Disclosure | Windows Kernel
CVE-2026-32216 | Denial of Service | Windows Redirected Drive Buffering
CVE-2026-32215 | Information Disclosure | Windows Kernel
CVE-2026-32214 | Information Disclosure | Universal Plug and Play (upnp.dll)
CVE-2026-32212 | Information Disclosure | Universal Plug and Play (upnp.dll)
CVE-2026-32203 | Denial of Service | .NET and Visual Studio
CVE-2026-32202 | Spoofing | Windows Shell
CVE-2026-32201 | Spoofing | Microsoft Office SharePoint
CVE-2026-32200 | Remote Code Execution | Microsoft Office PowerPoint
CVE-2026-32199 | Remote Code Execution | Microsoft Office Excel
CVE-2026-32198 | Remote Code Execution | Microsoft Office Excel
CVE-2026-32197 | Remote Code Execution | Microsoft Office Excel
CVE-2026-32196 | Spoofing | Windows Admin Center
CVE-2026-32195 | Elevation of Privilege | Windows Kernel
CVE-2026-32192 | Elevation of Privilege | Azure Monitor Agent
CVE-2026-32190 | Remote Code Execution | Microsoft Office
CVE-2026-32189 | Remote Code Execution | Microsoft Office Excel
CVE-2026-32188 | Information Disclosure | Microsoft Office Excel
CVE-2026-32187 | Defense in Depth | Microsoft Edge (Chromium-based)
CVE-2026-32184 | Elevation of Privilege | Microsoft High Performance Compute Pack (HPC)
CVE-2026-32183 | Remote Code Execution | Windows Snipping Tool
CVE-2026-32181 | Denial of Service | Microsoft Windows
CVE-2026-32178 | Spoofing | .NET
CVE-2026-32176 | Elevation of Privilege | SQL Server
CVE-2026-32171 | Elevation of Privilege | Azure Logic Apps
CVE-2026-32168 | Elevation of Privilege | Azure Monitor Agent
CVE-2026-32167 | Elevation of Privilege | SQL Server
CVE-2026-32165 | Elevation of Privilege | Windows User Interface Core
CVE-2026-32164 | Elevation of Privilege | Windows User Interface Core
CVE-2026-32163 | Elevation of Privilege | Windows User Interface Core
CVE-2026-32162 | Elevation of Privilege | Windows COM
CVE-2026-32160 | Elevation of Privilege | Windows Push Notifications
CVE-2026-32159 | Elevation of Privilege | Windows Push Notifications
CVE-2026-32158 | Elevation of Privilege | Windows Push Notifications
CVE-2026-32157 | Remote Code Execution | Remote Desktop Client
CVE-2026-32156 | Remote Code Execution | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-32155 | Elevation of Privilege | Desktop Window Manager
CVE-2026-32154 | Elevation of Privilege | Desktop Window Manager
CVE-2026-32153 | Elevation of Privilege | Microsoft Windows Speech
CVE-2026-32152 | Elevation of Privilege | Desktop Window Manager
CVE-2026-32151 | Information Disclosure | Windows Shell
CVE-2026-32150 | Elevation of Privilege | Function Discovery Service (fdwsd.dll)
CVE-2026-32149 | Remote Code Execution | Role: Windows Hyper-V
CVE-2026-32093 | Elevation of Privilege | Function Discovery Service (fdwsd.dll)
CVE-2026-32091 | Elevation of Privilege | Microsoft Brokering File System
CVE-2026-32090 | Elevation of Privilege | Windows Speech Brokered Api
CVE-2026-32089 | Elevation of Privilege | Windows Speech Brokered Api
CVE-2026-32088 | Security Feature Bypass | Windows Biometric Service
CVE-2026-32087 | Elevation of Privilege | Function Discovery Service (fdwsd.dll)
CVE-2026-32086 | Elevation of Privilege | Function Discovery Service (fdwsd.dll)
CVE-2026-32085 | Information Disclosure | Windows Remote Procedure Call
CVE-2026-32084 | Information Disclosure | Windows File Explorer
CVE-2026-32083 | Elevation of Privilege | Windows SSDP Service
CVE-2026-32082 | Elevation of Privilege | Windows SSDP Service
CVE-2026-32081 | Information Disclosure | Windows File Explorer
CVE-2026-32080 | Elevation of Privilege | Windows WalletService
CVE-2026-32079 | Information Disclosure | Windows File Explorer
CVE-2026-32078 | Elevation of Privilege | Windows Projected File System
CVE-2026-32077 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-32076 | Elevation of Privilege | Windows Storage Spaces Controller
CVE-2026-32075 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-32074 | Elevation of Privilege | Windows Projected File System
CVE-2026-32073 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-32072 | Spoofing | Windows Active Directory
CVE-2026-32071 | Denial of Service | Windows Local Security Authority Subsystem Service (LSASS)
CVE-2026-32070 | Elevation of Privilege | Windows Common Log File System Driver
CVE-2026-32069 | Elevation of Privilege | Windows Projected File System
CVE-2026-32068 | Elevation of Privilege | Windows SSDP Service
CVE-2026-27931 | Information Disclosure | Windows GDI
CVE-2026-27930 | Information Disclosure | Windows GDI
CVE-2026-27929 | Elevation of Privilege | Windows LUAFV
CVE-2026-27928 | Security Feature Bypass | Windows Hello
CVE-2026-27927 | Elevation of Privilege | Windows Projected File System
CVE-2026-27926 | Elevation of Privilege | Windows Cloud Files Mini Filter Driver
CVE-2026-27925 | Information Disclosure | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-27924 | Elevation of Privilege | Desktop Window Manager
CVE-2026-27923 | Elevation of Privilege | Desktop Window Manager
CVE-2026-27922 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-27921 | Elevation of Privilege | Windows TCP/IP
CVE-2026-27920 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-27919 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-27918 | Elevation of Privilege | Windows Shell
CVE-2026-27917 | Elevation of Privilege | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys)
CVE-2026-27916 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-27915 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host
CVE-2026-27914 | Elevation of Privilege | Microsoft Management Console
CVE-2026-27913 | Security Feature Bypass | Windows BitLocker
CVE-2026-27912 | Elevation of Privilege | Windows Kerberos
CVE-2026-27911 | Elevation of Privilege | Windows User Interface Core
CVE-2026-27910 | Elevation of Privilege | Windows Installer
CVE-2026-27909 | Elevation of Privilege | Microsoft Windows Search Component
CVE-2026-27908 | Elevation of Privilege | Windows TDI Translation Driver (tdx.sys)
CVE-2026-27907 | Elevation of Privilege | Windows Storage Spaces Controller
CVE-2026-27906 | Security Feature Bypass | Windows Hello
CVE-2026-26184 | Elevation of Privilege | Windows Projected File System
CVE-2026-26183 | Elevation of Privilege | Windows RPC API
CVE-2026-26182 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-26181 | Elevation of Privilege | Microsoft Brokering File System
CVE-2026-26180 | Elevation of Privilege | Windows Kernel
CVE-2026-26179 | Elevation of Privilege | Windows Kernel
CVE-2026-26178 | Elevation of Privilege | Windows Advanced Rasterization Platform
CVE-2026-26177 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-26176 | Elevation of Privilege | Windows Client Side Caching driver (csc.sys)
CVE-2026-26175 | Security Feature Bypass | Windows Boot Manager
CVE-2026-26174 | Elevation of Privilege | Windows Server Update Service
CVE-2026-26173 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-26172 | Elevation of Privilege | Windows Push Notifications
CVE-2026-26171 | Denial of Service | .NET
CVE-2026-26170 | Elevation of Privilege | Microsoft PowerShell
CVE-2026-26169 | Information Disclosure | Windows Kernel Memory
CVE-2026-26168 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock
CVE-2026-26167 | Elevation of Privilege | Windows Push Notifications
CVE-2026-26166 | Elevation of Privilege | Windows Shell
CVE-2026-26165 | Elevation of Privilege | Windows Shell
CVE-2026-26163 | Elevation of Privilege | Windows Kernel
CVE-2026-26162 | Elevation of Privilege | Windows OLE
CVE-2026-26161 | Elevation of Privilege | Windows Sensor Data Service
CVE-2026-26160 | Elevation of Privilege | Windows Remote Desktop Licensing Service
CVE-2026-26159 | Elevation of Privilege | Windows Remote Desktop Licensing Service
CVE-2026-26156 | Remote Code Execution | Role: Windows Hyper-V
CVE-2026-26155 | Information Disclosure | Windows Local Security Authority Subsystem Service (LSASS)
CVE-2026-26154 | Tampering | Windows Server Update Service
CVE-2026-26153 | Elevation of Privilege | Windows Encrypting File System (EFS)
CVE-2026-26152 | Elevation of Privilege | Windows Cryptographic Services
CVE-2026-26151 | Spoofing | Windows Remote Desktop
CVE-2026-26149 | Security Feature Bypass | Microsoft Power Apps
CVE-2026-26143 | Security Feature Bypass | Microsoft PowerShell
CVE-2026-25184 | Elevation of Privilege | Applocker Filter Driver (applockerfltr.sys)
CVE-2026-23670 | Security Feature Bypass | Windows Virtualization-Based Security (VBS) Enclave
CVE-2026-23666 | Denial of Service | .NET Framework
CVE-2026-23657 | Remote Code Execution | Microsoft Office Word
CVE-2026-23653 | Information Disclosure | GitHub Copilot and Visual Studio Code
CVE-2026-20945 | Spoofing | Microsoft Office SharePoint
CVE-2026-20930 | Elevation of Privilege | Windows Management Services
CVE-2026-20928 | Security Feature Bypass | Windows Recovery Environment Agent
CVE-2026-20806 | Information Disclosure | Windows COM
CVE-2026-0390 | Security Feature Bypass | Windows Boot Loader
CVE-2026-32631 | Information Disclosure | GitHub Repo: Git for Windows
CVE-2026-25250 | Security Feature Bypass | Windows Secure Boot
CVE-2026-21637 | Denial of Service | Node.js
CVE-2023-20585 | Tampering | Input-Output Memory Management Unit (IOMMU)

Security teams should apply all April 2026 patches as soon as possible, with immediate priority on CVE-2026-32201.


The post Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day appeared first on Cyber Security News.

