Microsoftβs April 2026 Patch Tuesday fixes 167 vulnerabilities, including two zero-days (an actively exploited SharePoint spoofing flaw CVE-2026-32201 and a publicly disclosed Microsoft Defender elevation flaw CVE-2026-33825), plus eight Critical issues. Users should prioritize updating Microsoft Office and Defender immediately due to multiple Office RCEs exploitable via the preview pane or malicious documents. #MicrosoftSharePoint #MicrosoftDefender
Keypoints
- Microsoft released patches for 167 vulnerabilities in the April 2026 Patch Tuesday update.
- Two zero-days were fixed: CVE-2026-32201 (SharePoint, actively exploited) and CVE-2026-33825 (Microsoft Defender, publicly disclosed).
- Eight vulnerabilities are rated Critical, including seven remote code execution flaws and one denial-of-service issue.
- Multiple Microsoft Office RCEs can be triggered via the preview pane or by opening malicious documents, so Office updates should be prioritized.
- Other vendors with notable April updates include Adobe, Apple, Cisco, Fortinet, Google, Apache, and SAP.