URL has been copied successfully!
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)


Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
  1. 8Critical
  2. 154Important
  3. 1Moderate
  4. 0Low

Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second largest Patch Tuesday release, nearing the record set by the October 2025 Patch Tuesday release with 167 CVEs. Our counts omitted two non-Microsoft CVEs from this month’s release. A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in April 2026. This month’s update includes patches for: .NET .NET and Visual Studio .NET Framework .NET,.NET Framework, Visual Studio Applocker Filter Driver (applockerfltr.sys) Azure Logic Apps Azure Monitor Agent Desktop Window Manager Function Discovery Service (fdwsd.dll) GitHub Copilot and Visual Studio Code Microsoft Brokering File System Microsoft Defender Microsoft Dynamics 365 (on-premises) Microsoft Edge (Chromium-based) Microsoft Graphics Component Microsoft High Performance Compute Pack (HPC) Microsoft Management Console Microsoft Office Microsoft Office Excel Microsoft Office PowerPoint Microsoft Office SharePoint Microsoft Office Word Microsoft Power Apps Microsoft PowerShell Microsoft Windows Microsoft Windows Search Component Microsoft Windows Speech Remote Desktop Client Role: Windows Hyper-V SQL Server Universal Plug and Play (upnp.dll) Windows Active Directory Windows Admin Center Windows Advanced Rasterization Platform Windows Ancillary Function Driver for WinSock Windows Biometric Service Windows BitLocker Windows Boot Loader Windows Boot Manager Windows Client Side Caching driver (csc.sys) Windows Cloud Files Mini Filter Driver Windows COM Windows Common Log File System Driver Windows Container Isolation FS Filter Driver Windows Cryptographic Services Windows Encrypting File System (EFS) Windows File Explorer Windows GDI Windows Hello Windows HTTP.sys Windows IKE Extension Windows Installer Windows Kerberos Windows Kernel Windows Kernel Memory Windows Local Security Authority Subsystem Service (LSASS) Windows LUAFV Windows Management Services Windows OLE Windows Print Spooler Components Windows Projected File System Windows Push Notifications Windows Recovery Environment Agent Windows Redirected Drive Buffering Windows Remote Desktop Windows Remote Desktop Licensing Service Windows Remote Procedure Call Windows RPC API Windows Sensor Data Service Windows Server Update Service Windows Shell Windows Snipping Tool Windows Speech Brokered Api Windows SSDP Service Windows Storage Spaces Controller Windows TCP/IP Windows TDI Translation Driver (tdx.sys) Windows Universal Plug and Play (UPnP) Device Host Windows USB Print Driver Windows User Interface Core Windows Virtualization-Based Security (VBS) Enclave Windows WalletService Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Windows Win32K – GRFX Windows Win32K – ICOMP A bar chart showing the count by impact of CVEs patched in the April 2026 Patch Tuesday release. Elevation of privilege (EoP) vulnerabilities accounted for 57.1% of the vulnerabilities patched this month, followed by information disclosure vulnerabilities and remote code execution (RCE) vulnerabilities at 12.3% each.

Important

CVE-2026-20945 and CVE-2026-32201 – Microsoft SharePoint Server Spoofing Vulnerability

CVE-2026-20945 and CVE-2026-32201 are spoofing vulnerabilities affecting Microsoft SharePoint. CVE-2026-20945 received a CVSSv3 score of 4.6, while CVE-2026-32201 received a score of 6.5. According to Microsoft, CVE-2026-32201 was exploited in the wild as a zero-day. Microsoft has released updates for SharePoint 2016, 2019 and SharePoint Server Subscription Edition to address these flaws.

Important

CVE-2026-33825 – Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-33825 is an EoP vulnerability in Microsoft Defender. It received a CVSSv3 score of 7.8 and was rated important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available. While Microsoft’s advisory made no mention of public exploit code, the description appears to match a zero-day exploit, known as BlueHammer, with code posted to GitHub on April 3rd. A researcher using the alias “Chaotic Eclipse” released the exploit and expressed concern about Microsoft’s handling of the vulnerability disclosure process.

Critical

CVE-2026-33826 – Windows Active Directory Remote Code Execution Vulnerability

CVE-2026-33826 is a RCE vulnerability affecting Windows Active Directory. It received a CVSSv3 score of 8, was rated as critical and was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Successful exploitation requires an authenticated attacker to send a specially crafted RPC call to a vulnerable RPC host, resulting in code execution with the same permissions as the RPC host. Despite the exploitation assessment and severity, the Microsoft advisory does note that an attacker would need to be in the “same restricted Active Directory domain as the target system” in order to exploit this flaw.

Critical

CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

CVE-2026-33824 is a RCE affecting Windows Internet Key Exchange (IKE) Service Extensions. It received a CVSSv3 score of 9.8 and was rated as critical. This vulnerability can be exploited by an unauthenticated attacker by sending crafted packets to a target with IKE version 2 enabled. Microsoft’s advisory includes some mitigations that can be applied in the event immediate patching cannot be performed. This includes firewall rules for UDP ports 500 and 4500.

Important

CVE-2026-27913 – Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-27913 is a security feature bypass vulnerability affecting Windows BitLocker. It received a CVSSv3 score of 7.7 and was rated as important. Successful exploitation could allow an attacker to bypass Secure Boot, a UEFI firmware security feature used to allow only trusted and properly signed software runs during the startup process. While there’s no known exploitation of this vulnerability as of the time this blog was published, Microsoft assesses this vulnerability as “Exploitation More Likely.”

Important

CVE-2026-26151 – Remote Desktop Spoofing Vulnerability

CVE-2026-26151 is a spoofing vulnerability in Remote Desktop. It was assigned a CVSS v3 score of 7.1 and rated important. Microsoft assesses this vulnerability as more likely to be exploited. An attacker could exploit this vulnerability by convincing a target to open a crafted file. This vulnerability was credited to the United Kingdom’s National Cyber Security Centre (NCSC). Previously, users would not receive any warning when attempting to open a Remote Desktop Protocol (RDP) file. However, starting with the April 2026 Security Update, users will now receive more sufficient warning dialogues when interacting with potentially malicious RDP files. For more information, visit this link.

Tenable Solutions

A list of all the plugins released for Microsoft’s April 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched. For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Microsoft’s April 2026 Security Updates Tenable plugins for Microsoft April 2026 Patch Tuesday Security Updates Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats. Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2026/04/microsofts-april-2026-patch-tuesday-addresses-163-cves-cve-2026-32201/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
  2. Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
  3. Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
  4. Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework