Microsoft has released a significant security update addressing 169 vulnerabilities across its product suite. Among these, a zero-day vulnerability in Microsoft SharePoint Server identified as CVE-2026-32201 has been exploited in the wild. This spoofing vulnerability allows unauthorized attackers to perform network-based spoofing, potentially tricking users into trusting malicious content. Although the vulnerability was discovered internally, the specifics of its exploitation remain unclear. The U.S. Cybersecurity and Infrastructure Security Agency has mandated federal agencies to address this issue by April 28, 2026.

The update also includes patches for a privilege escalation flaw in Microsoft Defender, known as CVE-2026-33825. This vulnerability, made public by a security researcher after a disclosure dispute, allows attackers to escalate privileges by exploiting the Defender update process. However, Microsoft states that systems with Defender enabled automatically receive the update without user intervention.

Another notable vulnerability addressed is a remote code execution flaw in Windows Internet Key Exchange Service Extensions, identified as CVE-2026-33824. With a CVSS score of 9.8, this vulnerability poses significant risk to systems using VPN or IPsec, as it could lead to complete system compromise without user interaction. The patch aims to prevent potential exploitation that could result in data theft or operational disruption.