Microsoft has published a larger-than-usual Patch Tuesday release with fixes for two zero-days, including CVE-2026-32201, which is being actively exploited in the wild. It is described as a SharePoint Server spoofing vulnerability that allows an unauthorised attacker to manipulate how information is presented to users. By exploiting this flaw, an attacker can trick users into trusting malicious content, a risk commentators say could enable phishing, data manipulation, or social engineering campaigns.
According to Action1 president Mike Walters, the CVE-2026-33825 elevation of privilege flaw in Microsoft Defender could let a threat actor gain system-level access and, once exploited, enable data exfiltration, the disabling of security tools, and lateral movement across networks.
The piece notes that elevation of privilege (EoP) bugs dominate April, accounting for 93 flaws, with information disclosure, remote code execution and security feature bypass making up the next largest categories. Walters also highlights CVE-2026-33824, a remote code execution flaw in the Windows IKE service with a CVSS score of 9.8. Jack Bicer, director of vulnerability research at Action1, warns that CVE-2026-33825 could be chained with other flaws in real-world attacks, increasing risk even in well-defended environments.