The most critical issue in this month’s release is CVE-2026-32201, a Microsoft SharePoint Server Spoofing Vulnerability currently being actively exploited in the wild.
Rated Important, this flaw allows attackers to conduct spoofing attacks against SharePoint environments, posing a significant risk to enterprises relying on SharePoint for document management and collaboration. Security teams are urged to apply the patch immediately, as exploitation has already been confirmed.
Additionally, CVE-2026-33825, a Microsoft Defender Elevation of Privilege Vulnerability, was publicly disclosed before this patch cycle. While no active exploitation has been reported, the public availability of information about this flaw increases the likelihood of imminent abuse, making it a high-priority remediation target.
Of the 168 vulnerabilities patched this month, the distribution by attack type is as follows:
| Impact | Count |
|---|---|
| Elevation of Privilege | 93 |
| Information Disclosure | 21 |
| Remote Code Execution | 20 |
| Security Feature Bypass | 13 |
| Denial of Service | 10 |
| Spoofing | 8 |
| Tampering | 2 |
| Defense in Depth | 1 |
| Total | 168 |
Among the eight Critical-rated flaws, all but one are Remote Code Execution (RCE) vulnerabilities, underscoring the severity of this month’s release:
The Windows TCP/IP and Active Directory RCE flaws are particularly alarming because they can be exploited at the network level without user interaction in certain configurations.
This month’s updates span a wide range of Microsoft products and services, including Windows Kernel (multiple EoP flaws), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code.
The Windows UPnP Device Host component alone received multiple EoP patches, signaling focused hardening of Windows networking subsystems.
Security and IT teams should take the following steps immediately:
| CVE | Impact | Description |
| CVE-2026-33829 | Spoofing | Windows Snipping Tool |
| CVE-2026-33827 | Remote Code Execution | Windows TCP/IP |
| CVE-2026-33826 | Remote Code Execution | Windows Active Directory |
| CVE-2026-33825 | Elevation of Privilege | Microsoft Defender |
| CVE-2026-33824 | Remote Code Execution | Windows IKE Extension |
| CVE-2026-33822 | Information Disclosure | Microsoft Office Word |
| CVE-2026-33120 | Remote Code Execution | SQL Server |
| CVE-2026-33116 | Denial of Service | .NET, .NET Framework, Visual Studio |
| CVE-2026-33115 | Remote Code Execution | Microsoft Office Word |
| CVE-2026-33114 | Remote Code Execution | Microsoft Office Word |
| CVE-2026-33104 | Elevation of Privilege | Windows Win32K – GRFX |
| CVE-2026-33103 | Information Disclosure | Microsoft Dynamics 365 (on-premises) |
| CVE-2026-33101 | Elevation of Privilege | Windows Print Spooler Components |
| CVE-2026-33100 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-33099 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-33098 | Elevation of Privilege | Windows Container Isolation FS Filter Driver |
| CVE-2026-33096 | Denial of Service | Windows HTTP.sys |
| CVE-2026-33095 | Remote Code Execution | Microsoft Office Word |
| CVE-2026-32226 | Denial of Service | .NET Framework |
| CVE-2026-32225 | Security Feature Bypass | Windows Shell |
| CVE-2026-32224 | Elevation of Privilege | Windows Server Update Service |
| CVE-2026-32223 | Elevation of Privilege | Windows USB Print Driver |
| CVE-2026-32222 | Elevation of Privilege | Windows Win32K – ICOMP |
| CVE-2026-32221 | Remote Code Execution | Microsoft Graphics Component |
| CVE-2026-32220 | Security Feature Bypass | Windows Virtualization-Based Security (VBS) Enclave |
| CVE-2026-32219 | Elevation of Privilege | Microsoft Brokering File System |
| CVE-2026-32218 | Information Disclosure | Windows Kernel |
| CVE-2026-32217 | Information Disclosure | Windows Kernel |
| CVE-2026-32216 | Denial of Service | Windows Redirected Drive Buffering |
| CVE-2026-32215 | Information Disclosure | Windows Kernel |
| CVE-2026-32214 | Information Disclosure | Universal Plug and Play (upnp.dll) |
| CVE-2026-32212 | Information Disclosure | Universal Plug and Play (upnp.dll) |
| CVE-2026-32203 | Denial of Service | .NET and Visual Studio |
| CVE-2026-32202 | Spoofing | Windows Shell |
| CVE-2026-32201 | Spoofing | Microsoft Office SharePoint |
| CVE-2026-32200 | Remote Code Execution | Microsoft Office PowerPoint |
| CVE-2026-32199 | Remote Code Execution | Microsoft Office Excel |
| CVE-2026-32198 | Remote Code Execution | Microsoft Office Excel |
| CVE-2026-32197 | Remote Code Execution | Microsoft Office Excel |
| CVE-2026-32196 | Spoofing | Windows Admin Center |
| CVE-2026-32195 | Elevation of Privilege | Windows Kernel |
| CVE-2026-32192 | Elevation of Privilege | Azure Monitor Agent |
| CVE-2026-32190 | Remote Code Execution | Microsoft Office |
| CVE-2026-32189 | Remote Code Execution | Microsoft Office Excel |
| CVE-2026-32188 | Information Disclosure | Microsoft Office Excel |
| CVE-2026-32187 | Defense in Depth | Microsoft Edge (Chromium-based) |
| CVE-2026-32184 | Elevation of Privilege | Microsoft High Performance Compute Pack (HPC) |
| CVE-2026-32183 | Remote Code Execution | Windows Snipping Tool |
| CVE-2026-32181 | Denial of Service | Microsoft Windows |
| CVE-2026-32178 | Spoofing | .NET |
| CVE-2026-32176 | Elevation of Privilege | SQL Server |
| CVE-2026-32171 | Elevation of Privilege | Azure Logic Apps |
| CVE-2026-32168 | Elevation of Privilege | Azure Monitor Agent |
| CVE-2026-32167 | Elevation of Privilege | SQL Server |
| CVE-2026-32165 | Elevation of Privilege | Windows User Interface Core |
| CVE-2026-32164 | Elevation of Privilege | Windows User Interface Core |
| CVE-2026-32163 | Elevation of Privilege | Windows User Interface Core |
| CVE-2026-32162 | Elevation of Privilege | Windows COM |
| CVE-2026-32160 | Elevation of Privilege | Windows Push Notifications |
| CVE-2026-32159 | Elevation of Privilege | Windows Push Notifications |
| CVE-2026-32158 | Elevation of Privilege | Windows Push Notifications |
| CVE-2026-32157 | Remote Code Execution | Remote Desktop Client |
| CVE-2026-32156 | Remote Code Execution | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-32155 | Elevation of Privilege | Desktop Window Manager |
| CVE-2026-32154 | Elevation of Privilege | Desktop Window Manager |
| CVE-2026-32153 | Elevation of Privilege | Microsoft Windows Speech |
| CVE-2026-32152 | Elevation of Privilege | Desktop Window Manager |
| CVE-2026-32151 | Information Disclosure | Windows Shell |
| CVE-2026-32150 | Elevation of Privilege | Function Discovery Service (fdwsd.dll) |
| CVE-2026-32149 | Remote Code Execution | Role: Windows Hyper-V |
| CVE-2026-32093 | Elevation of Privilege | Function Discovery Service (fdwsd.dll) |
| CVE-2026-32091 | Elevation of Privilege | Microsoft Brokering File System |
| CVE-2026-32090 | Elevation of Privilege | Windows Speech Brokered Api |
| CVE-2026-32089 | Elevation of Privilege | Windows Speech Brokered Api |
| CVE-2026-32088 | Security Feature Bypass | Windows Biometric Service |
| CVE-2026-32087 | Elevation of Privilege | Function Discovery Service (fdwsd.dll) |
| CVE-2026-32086 | Elevation of Privilege | Function Discovery Service (fdwsd.dll) |
| CVE-2026-32085 | Information Disclosure | Windows Remote Procedure Call |
| CVE-2026-32084 | Information Disclosure | Windows File Explorer |
| CVE-2026-32083 | Elevation of Privilege | Windows SSDP Service |
| CVE-2026-32082 | Elevation of Privilege | Windows SSDP Service |
| CVE-2026-32081 | Information Disclosure | Windows File Explorer |
| CVE-2026-32080 | Elevation of Privilege | Windows WalletService |
| CVE-2026-32079 | Information Disclosure | Windows File Explorer |
| CVE-2026-32078 | Elevation of Privilege | Windows Projected File System |
| CVE-2026-32077 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-32076 | Elevation of Privilege | Windows Storage Spaces Controller |
| CVE-2026-32075 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-32074 | Elevation of Privilege | Windows Projected File System |
| CVE-2026-32073 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-32072 | Spoofing | Windows Active Directory |
| CVE-2026-32071 | Denial of Service | Windows Local Security Authority Subsystem Service (LSASS) |
| CVE-2026-32070 | Elevation of Privilege | Windows Common Log File System Driver |
| CVE-2026-32069 | Elevation of Privilege | Windows Projected File System |
| CVE-2026-32068 | Elevation of Privilege | Windows SSDP Service |
| CVE-2026-27931 | Information Disclosure | Windows GDI |
| CVE-2026-27930 | Information Disclosure | Windows GDI |
| CVE-2026-27929 | Elevation of Privilege | Windows LUAFV |
| CVE-2026-27928 | Security Feature Bypass | Windows Hello |
| CVE-2026-27927 | Elevation of Privilege | Windows Projected File System |
| CVE-2026-27926 | Elevation of Privilege | Windows Cloud Files Mini Filter Driver |
| CVE-2026-27925 | Information Disclosure | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-27924 | Elevation of Privilege | Desktop Window Manager |
| CVE-2026-27923 | Elevation of Privilege | Desktop Window Manager |
| CVE-2026-27922 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-27921 | Elevation of Privilege | Windows TCP/IP |
| CVE-2026-27920 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-27919 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-27918 | Elevation of Privilege | Windows Shell |
| CVE-2026-27917 | Elevation of Privilege | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) |
| CVE-2026-27916 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-27915 | Elevation of Privilege | Windows Universal Plug and Play (UPnP) Device Host |
| CVE-2026-27914 | Elevation of Privilege | Microsoft Management Console |
| CVE-2026-27913 | Security Feature Bypass | Windows BitLocker |
| CVE-2026-27912 | Elevation of Privilege | Windows Kerberos |
| CVE-2026-27911 | Elevation of Privilege | Windows User Interface Core |
| CVE-2026-27910 | Elevation of Privilege | Windows Installer |
| CVE-2026-27909 | Elevation of Privilege | Microsoft Windows Search Component |
| CVE-2026-27908 | Elevation of Privilege | Windows TDI Translation Driver (tdx.sys) |
| CVE-2026-27907 | Elevation of Privilege | Windows Storage Spaces Controller |
| CVE-2026-27906 | Security Feature Bypass | Windows Hello |
| CVE-2026-26184 | Elevation of Privilege | Windows Projected File System |
| CVE-2026-26183 | Elevation of Privilege | Windows RPC API |
| CVE-2026-26182 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-26181 | Elevation of Privilege | Microsoft Brokering File System |
| CVE-2026-26180 | Elevation of Privilege | Windows Kernel |
| CVE-2026-26179 | Elevation of Privilege | Windows Kernel |
| CVE-2026-26178 | Elevation of Privilege | Windows Advanced Rasterization Platform |
| CVE-2026-26177 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-26176 | Elevation of Privilege | Windows Client Side Caching driver (csc.sys) |
| CVE-2026-26175 | Security Feature Bypass | Windows Boot Manager |
| CVE-2026-26174 | Elevation of Privilege | Windows Server Update Service |
| CVE-2026-26173 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-26172 | Elevation of Privilege | Windows Push Notifications |
| CVE-2026-26171 | Denial of Service | .NET |
| CVE-2026-26170 | Elevation of Privilege | Microsoft PowerShell |
| CVE-2026-26169 | Information Disclosure | Windows Kernel Memory |
| CVE-2026-26168 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock |
| CVE-2026-26167 | Elevation of Privilege | Windows Push Notifications |
| CVE-2026-26166 | Elevation of Privilege | Windows Shell |
| CVE-2026-26165 | Elevation of Privilege | Windows Shell |
| CVE-2026-26163 | Elevation of Privilege | Windows Kernel |
| CVE-2026-26162 | Elevation of Privilege | Windows OLE |
| CVE-2026-26161 | Elevation of Privilege | Windows Sensor Data Service |
| CVE-2026-26160 | Elevation of Privilege | Windows Remote Desktop Licensing Service |
| CVE-2026-26159 | Elevation of Privilege | Windows Remote Desktop Licensing Service |
| CVE-2026-26156 | Remote Code Execution | Role: Windows Hyper-V |
| CVE-2026-26155 | Information Disclosure | Windows Local Security Authority Subsystem Service (LSASS) |
| CVE-2026-26154 | Tampering | Windows Server Update Service |
| CVE-2026-26153 | Elevation of Privilege | Windows Encrypting File System (EFS) |
| CVE-2026-26152 | Elevation of Privilege | Windows Cryptographic Services |
| CVE-2026-26151 | Spoofing | Windows Remote Desktop |
| CVE-2026-26149 | Security Feature Bypass | Microsoft Power Apps |
| CVE-2026-26143 | Security Feature Bypass | Microsoft PowerShell |
| CVE-2026-25184 | Elevation of Privilege | Applocker Filter Driver (applockerfltr.sys) |
| CVE-2026-23670 | Security Feature Bypass | Windows Virtualization-Based Security (VBS) Enclave |
| CVE-2026-23666 | Denial of Service | .NET Framework |
| CVE-2026-23657 | Remote Code Execution | Microsoft Office Word |
| CVE-2026-23653 | Information Disclosure | GitHub Copilot and Visual Studio Code |
| CVE-2026-20945 | Spoofing | Microsoft Office SharePoint |
| CVE-2026-20930 | Elevation of Privilege | Windows Management Services |
| CVE-2026-20928 | Security Feature Bypass | Windows Recovery Environment Agent |
| CVE-2026-20806 | Information Disclosure | Windows COM |
| CVE-2026-0390 | Security Feature Bypass | Windows Boot Loader |
| CVE-2026-32631 | Information Disclosure | GitHub Repo: Git for Windows |
| CVE-2026-25250 | Security Feature Bypass | Windows Secure Boot |
| CVE-2026-21637 | Denial of Service | Node.js |
| CVE-2023-20585 | Tampering | Input-Output Memory Management Unit (IOMMU) |
Security teams should apply all April 2026 patches as soon as possible, with immediate priority on CVE-2026-32201.
Other Patch Tuesday Updates:
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day appeared first on Cyber Security News.
BIG COUNTRY, Texas (KTAB/KRBC) – The Storm Prediction Center has placed nearly the entire Big…
ABILENE, Texas (KTAB/KRBC) - McMurry University has launched Abilene’s only collegiate gymnastics program. The program…
COLEMAN, Texas (KTAB/KRBC) - As the City of Coleman gets ready to celebrate its 150th…
ABILENE, Texas (KTAB/KRBC) - A new pickleball complex proposed in north Abilene has been given…
Editor’s Note: The Abilene Police Department supplied the following arrest and incident reports. All information…
Wake-Up Weather: isolated to scattered severe storms at bat once again
This website uses cookies.