MICROSOFT Patch Tuesday April 2026 patches a total of 243 vulnerabilities, with 78 of those being Chromium issues affecting Microsoft Edge that were released earlier, leaving 165 non-Edge flaws. Of the non-Edge items, eight are rated critical and 154 are important, and the update notes that one vulnerability has already been exploited while another was disclosed but not yet observed in the wild.
Notable entries include CVE-2026-33827, a Windows TCP/IP remote code execution race condition, and CVE-2026-33826, an active directory remote code execution vulnerability, among many others listed in the extensive table of CVEs. The Patch Tuesday release also highlights several Office and Defender-related flaws, such as CVE-2026-32190 for Microsoft Office remote code execution and CVE-2026-33825 for Defender elevation of privilege, both marked as important or higher.
The post presents a long catalogue of affected components, including Edge, SharePoint, .NET, and various Windows subsystems, emphasising the breadth and the ongoing risk posture across Microsoft’s software ecosystem. Published on 14 April 2026, the diary entry ends with a note that further MSFT details will be updated as pages respond.