Microsoft Patch Tuesday April 2026
15 Apr 2026
Microsoft addresses 167 flaws, including two zero-days via April 2026 Patch Tuesday
The April edition of the Patch Tuesday update addresses 167 vulnerabilities, including 2 zero day vulnerabilities.
The following vulnerabilities were addressed through the update that threat actors exploited to orchestrate attacks
|
Number |
Type of |
|
93 |
Privilege elevation |
|
21 |
Information |
|
10 |
Denial of service |
|
9 |
Spoofing |
|
13 |
Security feature |
|
20 |
Remote code |
2 zero day vulnerabilities addressed
CVE-2026-32201-Microsoft SharePoint Server- Spoofing vulnerability
Microsoft addressed a zero-day vulnerability, specifically a spoofing vulnerability that allowed attackers to impersonate trusted users or services. It is widely exploited to orchestrate network-wide compromise, ransomware attacks, data breaches, and long-term stealthy espionage campaigns.
The attackers could exploit this vulnerability to:
- Gain unauthorized access to sensitive & confidential data, internal portals, and shared files
- Laterally move inside networks
- Abuse trust relationships with Active Directory/Microsoft 365 services
- Abuse privileges
- Impersonate Admin and Service accounts
- Create backdoor accounts
- Harvest credentials
- Deliver malware
- Carry out espionage and long-term surveillance
CVE-2026-33825-Microsoft Defender Elevation of Privilege
The flaw in Microsoft Defender Antimalware Platform update version 4.18.26050.3011 was addressed through this update. Attackers are exploiting the vulnerability to:
Attackers could leverage the flaw to:
- Gain full control over compromised endpoints
- Bypass security protections (like disabling antivirus, real-time scanning, and change detection rules)
- Maintain long-term stealthy access
- Steal credentials like cached passwords, hashes, and tokens
- Laterally move across the network
- Deploy ransomware
All the vulnerabilities addressed
The following is a complete list of vulnerabilities addressed in the April 2026 Patch Tuesday update: April 2026 Security Updates – Release Notes – Security Update Guide – Microsoft
This release consists of the following 165 Microsoft CVEs
Users must immediately update their Microsoft Office as Microsoft has addressed multiple flaws in Microsoft Word and Excel that were exploited via the preview pane and malicious documents.
SharkStriker’s recommendations
The following are some of the security recommendations:
- Immediately apply the April Patch Tuesday update to all the applicable Microsoft products.
- Prioritize patching the zero-day flaws and internet-facing systems and VPN/IKE components.
- Restrict and monitor Remote Desktop access for suspicious activity.
- Disable the preview pane feature in Microsoft Office until it is patched.
- Enable Multi-Factor Authentication (MFA) for administrative accounts and cloud services.
- Validate and secure Microsoft Power Apps inputs and usage.
- Monitor for indicators of exploitation, including privilege escalation attempts, abnormal Office activity, and suspicious authentication logs.
- Validate if the patches are applied effectively post-patching.
