Microsoft's massive Patch Tuesday: It's raining bugs

One CVE under attack, one already disclosed by angry bug hunter, and 163 more

Jessica Lyons
Tue 14 Apr 2026 // 20:40 UTC

Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.

The monthly patch party included a whopping 165 new Microsoft CVEs. And the bug under active exploitation, CVE-2026-32201, is due to improper input validation in SharePoint that allows an unauthorized attacker to perform spoofing over a network. This could allow someone to view sensitive information and make changes to disclosed information.

"By exploiting this flaw, an attacker can manipulate how information is presented to users, potentially tricking them into trusting malicious content," Mike Walters, president and cofounder of patch management provider Action1, told us, adding that this bug can be abused in phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise.

"The flaw lets attackers fake trust at scale: what looks legitimate may actually be a carefully crafted deception," Walters said. "It can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments."

Redmond did not provide any details about how this security hole is being abused in the wild - nor who disclosed it. Maybe Mythos, or another bug-hunting AI? The Register asked Microsoft to provide additional information, and did not receive an immediate response.

As Zero Day Initiative chief vuln finder Dustin Childs noted in his monthly PT writeup, this is - by his count - Microsoft's second-largest monthly CVE release ever.

"There are many things we could speculate on to justify the size, but if Microsoft is like the other programs out there (including ours), they are likely seeing a rise in submissions found by AI tools," Childs wrote.

While CVE-2026-32201 is the only bug out of the 165 new CVEs listed as under active exploitation - at the time of release, anyway - another bug is publicly known. This one, tracked as CVE-2026-33825, is an elevation of privilege flaw in Microsoft Defender.

While Microsoft doesn't mention this in its advisory, other security shops pointed out that the Defender bug matches exploit code called BlueHammer, published on GitHub earlier this month by a disgruntled researcher calling themselves "Chaotic Eclipse." It seems they were none too happy with Microsoft's disclosure process.

"I never wanted to reopen a blog and a new github account to drop code... But someone violated our agreement and left me homeless with nothin…," Chaotic Eclipse wrote on April 2.

They aren't the first to criticize Redmond's bug reporting process and response to researchers.

"I won't add on to the commentary from the researcher about working with Microsoft," Childs wrote. "I'm just glad they are offering a fix for the vulnerability. If you rely on Defender, test and deploy this one quickly."
Microsoft's April 2026 Patch Tuesday addressed 165 CVEs, including CVE-2026-32201 (CVSS 6.5), an actively exploited SharePoint spoofing vulnerability caused by improper input validation that allows network-based attackers to manipulate displayed information for phishing or data manipulation. Affected versions are Microsoft SharePoint Server before version 16.0.19725.20210, including versions 2016 and 2019, with the fix provided in version 16.0.19725.20210. Another notable patch is CVE-2026-33825 (CVSS 7.8), a publicly disclosed privilege escalation flaw in Microsoft Defender.