Microsoft Addresses 163 CVEs - April Patch Tuesday Update

Microsoft released 163 patches for April Patch Tuesday, addressing critical vulnerabilities including a SharePoint zero-day. Immediate action is recommended to secure systems.

VulnerabilitiesHIGHUpdated: Apr 24, 2026Published: Apr 17, 2026

Vulnerability Identifier

CVE-2026-32201

6.5

Medium

CISA KEV: YES · Due 2026-04-28EPSS: 7.9% · 92.1%

Vendor

Microsoft

Affected Product

SharePoint < 16.0.19725.20210

Vulnerability TypeSpoofing

CWE IDCWE-20

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Workaround Available—

CIA Triad Impact

Low

None

Exploit Maturity

Unproven

PoC Available

Weaponized

Actively Exploited

Vulnerability Timeline

Reported to Vendor2026-04-01

Patch Released2026-04-17

Public Disclosure2026-04-14

Affected Environments

Windows ServerSharePoint Server

Patch Available

Yes

NVD References2 advisories

Technology

T1203Exploitation for Client Execution T1068Exploitation of Vulnerability T1075Pass-the-Hash T1078Valid Accounts

Check for the latest Microsoft patches and ensure they are installed.

Review system logs for any signs of exploitation related to the reported CVEs.

Utilize security tools to scan for vulnerabilities associated with the recent updates.

#cve-2026-32201#cve-2026-33825#cve-2026-33824#cve-2026-27908#cve-2026-26152

Original Reporting

SOSophos News

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, Microsoft fixed a lot of security holes in their software this month.

What Happened

On April Patch Tuesday, Microsoft released 163 patches affecting 17 product families. Among these, eight vulnerabilities were classified as Critical severity. Notably, CVE-2026-32201, a SharePoint spoofing vulnerability, is currently under active exploit in the wild. The company estimates that 24 CVEs are likely to be exploited within the next 30 days.

Who's Affected

The patches affect various Microsoft products, including Windows Server, Office, and Microsoft Defender. Users of these products, especially those with Defender enabled, should prioritize updating to mitigate risks from the vulnerabilities.

What Data Was Exposed

The vulnerabilities could potentially allow attackers to execute remote code, elevate privileges, or spoof user identities. For instance, the SharePoint vulnerability could enable unauthorized users to read or modify sensitive data, heightening the risk of social engineering attacks.

What You Should Do

Users and administrators should:

Containment

1.Immediately install the latest patches from Microsoft to protect against known vulnerabilities.
2.Monitor for updates on CVE-2026-32201 and other critical vulnerabilities that may be actively exploited.

Remediation

No additional steps required at this time.

Notable Vulnerabilities

CVE-2026-33824

A Critical-severity Remote Code Execution vulnerability with a CVSS score of 9.8 was discovered in the Internet Key Exchange service. Temporary mitigation is advised until the patch is applied.

CVE-2026-33825

This Microsoft Defender vulnerability allows local privilege escalation. It has been publicly disclosed and should be patched promptly.

CVE-2026-32201

The SharePoint vulnerability is a zero-day issue that could allow unauthorized access to sensitive data. Prioritize patching this vulnerability as it is currently being exploited.

Conclusion

April's Patch Tuesday highlights the importance of timely updates in maintaining security. With 251 items of concern this month, including advisories from Adobe and Chrome, users must stay vigilant and proactive in applying these crucial updates.

🔒 Pro Insight

🔒 Pro insight: The high volume of critical vulnerabilities this month signals an urgent need for organizations to enhance their patch management processes.

A critical vulnerability in Carlson Software's VASCO-B GNSS Receiver has been discovered, allowing remote attacks. Users must update to version 1.4.0 or higher to protect against potential disruptions.

CICISA Advisories

Apr 23, 2026

Read Ping Read Source