MICROSOFT Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, making it one of the largest updates by CVE count, and included a critical SharePoint zero-day tracked as CVE-2026-32201 that has been exploited in the wild. Eight of the flaws are rated Critical, two are Moderate, and the rest are Important in severity, with CVE-2026-32201 described as a spoofing vulnerability in Microsoft SharePoint Server that could allow an attacker to view or modify exposed information.
The advisory notes that improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network, and exploitation could enable viewing sensitive information and modifying disclosed data.
Other notable entries include CVE-2026-33825 (CVSS 7.8) Defender Elevation of Privilege, CVE-2026-33827 (CVSS 8.1) Windows TCP/IP Remote Code Execution, and CVE-2026-33824 (CVSS 9.8) Windows IKE Service Extensions Remote Code Execution, with guidance to patch quickly to reduce exposure. According to ZDI, this release is one of the second-largest monthly patches in Microsoft’s history, underscoring the scale of fixes and the need for rapid triage and deployment.