Microsoft's April 2026 Patch Tuesday has arrived, bringing a significant security update that addresses a total of 169 vulnerabilities across its product range. The most critical of these is an actively exploited zero-day flaw in Microsoft SharePoint Server, alongside numerous other critical and important security issues that demand immediate attention from organizations worldwide.

Key Takeaways

• A zero-day vulnerability in Microsoft SharePoint Server (CVE-2026-32201) is being actively exploited in the wild.

• A total of 169 vulnerabilities were patched, including 8 Critical and 157 Important rated flaws.

• Elevation of privilege vulnerabilities continue to dominate, accounting for a significant portion of the patches.

• Several other critical vulnerabilities, including remote code execution flaws in Windows TCP/IP and Active Directory, were also addressed.

Actively Exploited SharePoint Zero-Day

The headline vulnerability this month is CVE-2026-32201, a spoofing flaw in Microsoft SharePoint Server. This vulnerability, rated as 'Important', has been confirmed to be actively exploited by threat actors. It stems from improper input validation, allowing remote attackers to conduct spoofing attacks against SharePoint environments without user interaction. This could enable them to impersonate trusted entities and potentially access or modify sensitive data. Given the widespread use of SharePoint for collaboration and document management, organizations are strongly advised to prioritize patching this vulnerability immediately.

A Record-Breaking Patch Cycle

This April release marks one of the largest Patch Tuesdays on record, with a total of 169 vulnerabilities being fixed. Of these, 157 are rated 'Important', eight are 'Critical', three are 'Moderate', and one is 'Low' in severity. The types of vulnerabilities patched include privilege escalation (93), information disclosure (21), remote code execution (21), security feature bypass (14), spoofing (10), and denial-of-service (9).

Other Notable Vulnerabilities

Beyond the SharePoint zero-day, several other significant vulnerabilities require urgent attention:

• CVE-2026-33825 (Microsoft Defender): A publicly known privilege escalation flaw that could allow an authorized attacker to elevate privileges locally.

• CVE-2026-33824 (Windows IKE Service Extensions): A critical remote code execution vulnerability with a CVSS score of 9.8, posing a serious threat to enterprise environments, especially those relying on VPNs.

• CVE-2024-26203 (Azure Data Studio): An 'Important' elevation of privilege flaw allowing local attackers to bypass access controls.

• CVE-2024-28916 (Xbox Gaming Services): An 'Important' elevation of privilege issue in Xbox cryptographic services.

• CVE-2024-29059 (.NET Framework): An 'Important' information disclosure vulnerability with a high CVSS score.

Recommendations for Organizations

Security teams are urged to deploy the April 2026 security updates across all Windows and server estates as soon as possible. Top priority should be given to public-facing SharePoint servers, Azure Data Studio instances, and other critical systems affected by high-severity vulnerabilities. Continuous monitoring of system logs for suspicious activity is also recommended.

Sources

• Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities, The Hacker News.

• Microsoft April 2026 Patch Tuesday Fixes 168 Flaws, Includes Actively Exploited Zero-Day, Cyber Press.

• Microsoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-Day, GBHackers News.

• Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day, CyberSecurityNews.

• Disrupting active exploitation of on-premises SharePoint vulnerabilities, Microsoft.