🎯Microsoft just fixed a lot of security problems in its software, including one that hackers are already using to break in. They also found that while there are fewer problems overall, the ones that are left are much more serious, especially in programs like Office.
What Happened
This month, Microsoft rolled out a significant update that addresses 168 security vulnerabilities across its Windows operating systems and other software. Among these, one zero-day vulnerability (CVE-2026-32201) is currently being actively exploited, posing a significant risk to enterprises that utilize SharePoint for document management and collaboration. This urgent patch comes as a critical response to the growing threat landscape, where cybercriminals are constantly looking for ways to infiltrate systems.
In addition to the SharePoint vulnerability, Microsoft has issued an emergency out-of-band (OOB) security update for .NET 10, releasing version 10.0.7 on April 21, 2026. This update addresses a critical elevation of privilege vulnerability (CVE-2026-40372) discovered in the Microsoft.AspNetCore.DataProtection NuGet package. This flaw allows attackers to manipulate protected data, potentially leading to privilege escalation. The vulnerability affects applications using .NET versions 10.0.0 through 10.0.6, making it imperative for developers to upgrade immediately.
The April 2026 Patch Tuesday update also includes enhancements such as new protections against phishing attacks that utilize Remote Desktop Protocol (.rdp) files. When users open an .rdp file, the Remote Desktop application will now display all requested connection settings before establishing a connection, with each setting turned off by default. This feature aims to mitigate the risks associated with phishing attempts targeting Remote Desktop connections.
A recent report from BeyondTrust highlights a disturbing trend: while the total number of vulnerabilities in Microsoft software has decreased by 6% to 1,273, the number of critical flaws has doubled. Notably, vulnerabilities in Microsoft Office tripled to 157, indicating that while fewer vulnerabilities are being discovered, those that are found are increasingly severe. Attackers are exploiting vulnerabilities in the preview window of Office applications, allowing malicious code to run as soon as a user highlights an attachment.
The zero-day vulnerability in SharePoint allows attackers to conduct spoofing attacks, which can manipulate how information is presented to users, potentially tricking them into trusting malicious content. Security teams are urged to apply the patch immediately, as exploitation has already been confirmed.
What's at Risk
The update addresses various types of vulnerabilities, with 93 elevation of privilege flaws, 21 information disclosure vulnerabilities, and 20 remote code execution (RCE) vulnerabilities among the patched issues. The most critical flaws include:
CVE-2026-33826
CVE-2026-33824
CVE-2026-33825
CVE-2026-40372
Patch Status
Microsoft has released patches for all 168 vulnerabilities, and security teams should prioritize the following:
- CVE-2026-32201 (SharePoint) as an emergency patch due to confirmed exploitation.
- CVE-2026-33825 (Microsoft Defender) due to its public disclosure status.
- CVE-2026-40372 (.NET Data Protection) for its critical nature affecting many applications.
- All critical-rated RCE patches, particularly for Windows TCP/IP, Active Directory, and Remote Desktop Client.
Immediate Actions
If you use a Windows device or .NET applications, this update is crucial for your digital safety. Here’s what you should do right now: Experts are closely monitoring the situation to see how quickly attackers adapt to these patches. The next few weeks will be critical in determining whether these updates effectively mitigate the risks posed by the zero-day vulnerabilities and the newly discovered .NET flaw.
Containment
- 1.Install the updates as soon as possible to secure your systems.
- 2.For .NET developers, upgrade the Microsoft.AspNetCore.DataProtection package to version 10.0.7 immediately.
Remediation
- 3.Enable automatic updates to ensure you receive future patches promptly.
- 4.Stay informed about new vulnerabilities and threats.
The surge in critical vulnerabilities amidst a decline in overall flaws suggests that organizations need to adopt a more proactive approach to vulnerability management and patching strategies.
