Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Microsoft April 2026 Patch Tuesday fixes 167 flaws including 2 zero-day vulnerabilities.
Summary
Microsoft released security updates for 167 vulnerabilities on April 14, 2026, including two zero-day flaws: CVE-2026-32201 (actively exploited SharePoint spoofing) and CVE-2026-33825 (Defender privilege escalation). The patch batch addresses 8 critical vulnerabilities, 7 of which are remote code execution flaws, plus 93 elevation of privilege and 20 additional RCE vulnerabilities across Windows, Office, and related products.
Full text
By Lawrence Abrams, April 14, 2026, 01:41 PM

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.

This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.

The number of bugs in each vulnerability category is listed below:

- 93 Elevation of Privilege Vulnerabilities
- 13 Security Feature Bypass Vulnerabilities
- 20 Remote Code Execution Vulnerabilities
- 21 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 9 Spoofing Vulnerabilities

When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Mariner, Azure, and Bing flaws that were fixed by Microsoft earlier this month. There were also 80 Microsoft Edge/Chromium flaws that were fixed by Google.

2 zero-days and Microsoft Office flaws

This month's Patch Tuesday fixes two zero-day vulnerabilities, with one publicly disclosed and the other actively exploited in attacks.

Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The actively exploited zero-day flaw is:

CVE-2026-32201 - Microsoft SharePoint Server Spoofing Vulnerability

Microsoft has patched a Microsoft SharePoint Server Spoofing Vulnerability that was exploited in attacks.

"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network," explains Microsoft.

"An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability)," continued Microsoft.

Microsoft has not disclosed how this vulnerability was exploited in attacks or who disclosed it.

The publicly disclosed zero-day is:

CVE-2026-33825 - Microsoft Defender Elevation of Privilege Vulnerability

Microsoft has patched a Microsoft Defender privilege elevation flaw that gives SYSTEM privileges.

The company has addressed the flaw in the Microsoft Defender Antimalware Platform update version 4.18.26050.3011, which will automatically be downloaded to systems. Windows users can manually install it by going to Windows Security > Virus & threat protection > Protection Updates, then clicking Check for updates.

Microsoft has credited Zen Dodd and Yuanpei XU (HUST) with Diffract with discovering this flaw.

Microsoft has also fixed multiple remote code execution bugs in Microsoft Office (Word and Excel) that can be executed via the preview pane or by opening malicious documents. Therefore, users should prioritize updating Microsoft Office as soon as possible, especially if they commonly receive attachments.

Recent updates from other companies

Other vendors who released updates or advisories in April 2026 include:

- Adobe has released security updates for Illustrator, Reader, Acrobat, Photoshop, Bridge, ColdFusion, Adobe Connect, FrameMaker, AEM, InCopy, and InDesign. These updates include a fix for an actively exploited Reader/Acrobat zero-day.
- Apache fixed a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that had gone undetected for 13 years.
- Apple enabled more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit.
- Cisco released security updates for numerous products, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access.
- Fortinet released security updates for numerous products, including a critical FortiClient Enterprise Management Server (EMS) vulnerability, CVE-2026-35616, which is actively exploited in attacks.
- Google released Android's April security bulletin and fixed a Google Chrome zero-day that was exploited in attacks.
- New GPUBreach rowhammer attack can escalate privileges and lead to a full system compromise.
- Marimo released a security update for a pre-auth RCE flaw that is now being exploited in attacks.
- SAP released the April security updates for multiple products, including a critical SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse.
- The wolfSSL SSL/TLS library released a security update to fix a flaw that could force a target device or application to accept forged certificates.

The April 2026 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the April 2026 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET | CVE-2026-26171 | .NET Denial of Service Vulnerability | Important |
| .NET | CVE-2026-32178 | .NET Spoofing Vulnerability | Important |
| .NET and Visual Studio | CVE-2026-32203 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2026-23666 | .NET Framework Denial of Service Vulnerability | Critical |
| .NET Framework | CVE-2026-32226 | .NET Framework Denial of Service Vulnerability | Important |
| .NET, .NET Framework, Visual Studio | CVE-2026-33116 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
| Applocker Filter Driver (applockerfltr.sys) | CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability | Important |
| Azure Logic Apps | CVE-2026-32171 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32168 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-32152 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| GitHub Copilot and Visual Studio Code | CVE-2026-23653 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability | Important |
| GitHub Repo: Git for Windows | CVE-2026-32631 | GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes | Important |
| Input-Output Memory Management Unit (IOMMU) | CVE-2023-20585 | AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-32219 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-26181 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Defender | CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-33103 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-32221 | Wind | |

Indicators of Compromise
- cve — CVE-2026-32201
- cve — CVE-2026-33825
- cve — CVE-2026-35616
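
For CVE-2026-33825, the article gives the fixed Microsoft Defender Antimalware Platform version as 4.18.26050.3011. The following PowerShell is an added example, not from the article or from Microsoft, that checks whether hosts have reached that version. The function names are hypothetical; it assumes the platform version is read from the `AMProductVersion` property of `Get-MpComputerStatus` and that remote hosts are reachable over CIM.

```powershell
# Added example (not from the article). The fixed version is the one the article names.
$FixedPlatform = [version]'4.18.26050.3011'

function Test-DefenderPlatformVersion {
    param(
        [string]$PlatformVersion,            # AMProductVersion value; may be empty
        [version]$Minimum = $FixedPlatform
    )
    $parsed = $null
    if (-not [version]::TryParse($PlatformVersion, [ref]$parsed)) {
        return 'Unknown'                     # empty or malformed: needs follow-up
    }
    # [version] compares field by field, so 4.18.9000.1 sorts below 4.18.26050.3011;
    # a plain string comparison would order those two the wrong way round.
    if ($parsed -ge $Minimum) { return 'Patched' }
    return 'Outdated'
}

function Get-DefenderPlatformReport {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        $session = $null
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $status = Get-MpComputerStatus -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $name -ErrorAction Stop
                $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            }
            [pscustomobject]@{
                Computer = $name
                Platform = $status.AMProductVersion
                Status   = Test-DefenderPlatformVersion $status.AMProductVersion
            }
        } catch {
            # Query failed (host unreachable, Defender cmdlets missing): do not assume patched.
            [pscustomobject]@{ Computer = $name; Platform = $null; Status = 'Unknown' }
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Constructed sample values, to show the comparison without querying any host.
'4.18.26050.3011', '4.18.26060.7', '4.18.9000.1', '' | ForEach-Object {
    '{0,-18} {1}' -f $_, (Test-DefenderPlatformVersion $_)
}

Get-DefenderPlatformReport   # local machine; pass -ComputerName for a fleet
```

Hosts reported as `Unknown` should be checked by hand rather than counted as updated.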