Microsoft has rolled out its April 2026 Patch Tuesday update, addressing 168 vulnerabilities across its suite of products. Among these, a critical issue stands out: CVE-2026-32201, a Microsoft SharePoint Server Spoofing Vulnerability that is actively being exploited. This flaw allows attackers to execute spoofing attacks on SharePoint environments, posing a significant risk to organizations that depend on SharePoint for document management and collaboration. Security teams are strongly urged to apply the patch immediately to counter this threat.
Another important vulnerability, CVE-2026-33825, pertains to Microsoft Defender. Although no active exploitation has been reported, the vulnerability was publicly disclosed prior to the patch release, making it imperative for organizations to address it swiftly to prevent potential exploitation.
Out of the 168 vulnerabilities addressed, eight are classified as Critical, with most being Remote Code Execution vulnerabilities. The Windows TCP/IP and Active Directory RCE issues are particularly concerning due to the possibility of exploitation at the network level, without requiring user interaction in certain configurations.
This month's update affects a broad range of Microsoft products, including Windows Kernel, Windows Print Spooler, Azure Monitor Agent, and others. The Windows UPnP Device Host component has received multiple patches, highlighting Microsoft's focus on strengthening Windows networking subsystems. Given the breadth of these updates, security and IT teams must prioritize applying these patches to safeguard their environments against potential threats.


