Microsoft Patches 163 Flaws Including Exploited SharePoint Bug and Defender Zero-Day
Microsoft released fixes for 163 vulnerabilities in its April Patch Tuesday update, marking one of its largest security releases on record. The bundle includes 8 Critical flaws, 154 Important issues, and 1 Moderate bug, with seven of the Critical vulnerabilities enabling remote code execution across products and components including Windows TCP/IP, Windows IKE Service Extensions, Active Directory, Remote Desktop Client, Microsoft Office, and Microsoft Word. Belgian authorities urged organizations to apply the updates immediately.
The most urgent issues include CVE-2026-32201, an actively exploited Microsoft SharePoint Server vulnerability that was added to CISA’s Known Exploited Vulnerabilities catalog, and CVE-2026-33825 in Microsoft Defender, a publicly disclosed zero-day tied to proof-of-concept code associated with the BlueHammer exploit. Microsoft also shipped Windows 11 cumulative updates with security hardening changes, including safer handling of .rdp files and improved visibility into Secure Boot certificates, while the broader patch set addressed numerous elevation-of-privilege and security feature bypass flaws that could support post-compromise escalation.
Timeline
Apr 22, 2026
Shadowserver finds 1,300+ SharePoint servers still unpatched after April fixes
After Microsoft's April 2026 Patch Tuesday, Shadowserver reported that more than 1,300 internet-exposed SharePoint servers remained unpatched against CVE-2026-32201. The finding highlighted continued exposure of vulnerable SharePoint Enterprise Server 2016, SharePoint Server 2019, and Subscription Edition systems despite available fixes.
Apr 15, 2026
Microsoft ships Windows 11 hardening updates with April 2026 patches
Alongside Patch Tuesday, Microsoft released Windows 11 cumulative updates containing security hardening changes. These included safer handling of .rdp files and improvements to Secure Boot certificate visibility.
Apr 15, 2026
Microsoft releases April 2026 Patch Tuesday fixes for 163 CVEs
Microsoft's April 2026 Patch Tuesday addressed 163 vulnerabilities, including eight Critical flaws, one publicly disclosed zero-day, and one vulnerability under active exploitation. The release was described as the second-largest Patch Tuesday on record.
Apr 15, 2026
CISA catalogs SharePoint flaw CVE-2026-32201 as actively exploited
CVE-2026-32201 in Microsoft SharePoint Server was added to CISA's Known Exploited Vulnerabilities Catalog after evidence of active exploitation in the wild. The designation elevated the flaw's urgency ahead of or alongside Microsoft's April 2026 fixes.
Apr 15, 2026
BlueHammer PoC publicly discloses Microsoft Defender flaw CVE-2026-33825
CVE-2026-33825 in Microsoft Defender was publicly disclosed with proof-of-concept code associated with the "BlueHammer" exploit. This made it one of the most urgent issues addressed in Microsoft's April 2026 security updates.
Related Stories

Microsoft fixes exploited SharePoint flaw in massive Patch Tuesday release
Microsoft released fixes for **165 vulnerabilities** across Windows, Office, SharePoint, Defender, SQL Server, Azure, .NET, and other products in one of its largest Patch Tuesday updates on record. The most urgent issue was **CVE-2026-32201**, an **actively exploited** improper input validation flaw in **SharePoint Server** that enables unauthenticated network-based spoofing and was immediately added to **CISA's Known Exploited Vulnerabilities** catalog. Microsoft also patched **CVE-2026-33825**, a publicly known **Microsoft Defender** privilege-escalation bug with proof-of-concept code, and **CVE-2026-33824**, a critical **remote code execution** flaw in **Windows IKE Service Extensions** affecting IPsec/VPN infrastructure. Researchers flagged **CVE-2026-33827** in **Windows TCP/IP** as potentially **wormable** under certain IPv6 and IPSec configurations. Other high-impact fixes include **CVE-2026-33120**, a **SQL Server remote code execution** flaw that paired with a separate privilege escalation bug (**CVE-2026-32176**) could enable full server compromise, and **CVE-2026-32220**, a **UEFI Secure Boot bypass** that could allow untrusted code to load during the boot process. The release also addressed elevation of privilege flaws across Desktop Window Manager, WinSock, TDI Translation Driver, Windows Push Notifications, Function Discovery Service, WSUS, Remote Desktop Licensing, Azure Monitor Agent, and Windows kernel components; security feature bypasses in Windows Hello, PowerShell, BitLocker, and Windows Shell; information disclosure bugs in Windows GDI, Print Spooler, Web Account Manager, UPnP Device Host, and the Windows kernel; and denial-of-service issues in .NET/Visual Studio and Windows RDBSS. Cumulative updates for Windows Server 2022 and 23H2 bundled security hardening for Kerberos, RDP, Secure Boot, and WDS, with Microsoft warning that Secure Boot certificates begin expiring in June 2026.
2 weeks ago
Microsoft March 2026 Patch Tuesday Fixes Two Zero-Days and Dozens of Vulnerabilities
Microsoft’s March 2026 Patch Tuesday shipped fixes for **79 vulnerabilities**, including **two zero-day flaws**. Public reporting and third-party patch reviews highlight a mix of *Important* and *Critical* issues across Microsoft’s ecosystem, including **.NET** (`CVE-2026-26127` DoS; `CVE-2026-26131` EoP), **Active Directory Domain Services** (`CVE-2026-25177` EoP), **ASP.NET Core** (`CVE-2026-26130` DoS), and multiple Azure components such as **ACI Confidential Containers** (`CVE-2026-23651`, `CVE-2026-26124` EoP; `CVE-2026-26122` information disclosure) and **Azure IoT Explorer** (`CVE-2026-26121` spoofing; `CVE-2026-23661/23662/23664` information disclosure). Independent analysis (ZDI and SANS ISC) corroborated the breadth of affected products and provided additional scoring/metadata, including CVSS ratings and exploitability flags. ZDI’s review also called out additional *Critical* items in the release such as **Microsoft Office RCE** (`CVE-2026-26110`, `CVE-2026-26113`) and other high-impact vulnerabilities, while SANS ISC’s Patch Tuesday coverage additionally noted bundled **Chromium**-tracked fixes (multiple `CVE-2026-3536` through `CVE-2026-3544` entries) that commonly map to Microsoft’s browser/embedded Chromium components. Organizations should prioritize patching systems exposed to untrusted content or authentication boundaries (e.g., Office, AD DS, Azure agents/extensions) and validate deployment coverage across both Windows and cloud-connected workloads.
1 month ago
Microsoft January Patch Tuesday Fixes 114 Vulnerabilities Including Three Zero-Days
Microsoft’s January Patch Tuesday security updates addressed **114 vulnerabilities**, including **three zero-days** reported as publicly known and/or exploited. Reported issues span multiple Windows and Microsoft product components, including **Desktop Window Manager (DWM)**, legacy modem drivers, and core OS services, with a mix of **information disclosure**, **elevation of privilege (EoP)**, **security feature bypass**, and **remote code execution (RCE)** flaws. Technical highlights called out include **CVE-2023-31096** (Windows Agere Soft Modem Driver EoP), **CVE-2026-20805** (DWM information disclosure), and a **Secure Boot certificate expiration** security feature bypass (**CVE-2026-21265**). The update set also includes multiple **Office/Excel/Word RCE** vulnerabilities (e.g., **CVE-2026-20952**, **CVE-2026-20953**, **CVE-2026-20955**, **CVE-2026-20957**, **CVE-2026-20944**), Windows privilege-escalation issues (e.g., **Windows Graphics Component** and **VBS Enclave** EoP), and cloud/agent components such as **Azure Connected Machine Agent** (**CVE-2026-21224**) and **Azure Core shared client library for Python** (**CVE-2026-21226**).
1 month ago