Apr 14, 2026 • Adam Barnett

Patch Tuesday - April 2026

Source: Rapid7 Security Research
Category: vulnerability
Severity: critical

Executive Summary

Microsoft's April 2026 Patch Tuesday addresses 167 vulnerabilities, including three zero-days actively exploited or publicly disclosed. The most critical issue is CVE-2026-33824, an unauthenticated remote code execution vulnerability in Windows Internet Key Exchange (IKE) Services with a CVSS score of 9.8. Additionally, CVE-2026-32201 affects SharePoint Server with active exploitation, and CVE-2026-33825 allows privilege escalation in Microsoft Defender. The surge in vulnerability reports is attributed to expanding AI capabilities aiding research. Immediate patching is required for all supported Windows and SharePoint versions to prevent initial access and system compromise. Administrators should prioritize the IKE vulnerability due to its pre-authentication nature and network exposure. Mitigations include restricting UDP traffic if patching is delayed. This release highlights the increasing volume of security defects driven by automated discovery tools.

Summary

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.

Increasing volumes of vulnerabilities

Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.

It might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing, but this is not the case. Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday. This reflects a significant industry-wide uptick in the volume of vulnerability reports over the past few weeks.

A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities. We should expect to see further increases in vulnerability reporting volume as the impact of AI models extends further, both in terms of capability and availability.

SharePoint: zero-day spoofing

When everything is changing rapidly, it can be tempting to look to familiar things for comfort. SharePoint admins should start by addressing CVE-2026-32201, an exploited-in-the-wild spoofing vulnerability. The advisory doesn’t offer much detail, but does mention CWE-20: Improper Input Validation and low impact to confidentiality and integrity, with no impact to availability.

Of course, the greatest attacker impact is typically achieved by chaining together multiple vulnerabilities that by themselves might not seem so bad. Ever-increasing novel AI capabilities in offensive cybersecurity now appear to provide real competition for all but the most elite human researchers; if it was ever valid to suppose that a vulnerability with a CVSS v3 base score of 6.5 was unlikely to cause much pain, it’s certainly not a safe defensive assumption in 2026. Patches are available for all supported versions of SharePoint, including SharePoint 2016, which moves beyond extended support on July 14, 2026.

Defender: zero-day elevation of privilege

Microsoft Defender receives a patch today for CVE-2026-33825, a local privilege escalation vulnerability for which Microsoft is aware of public disclosure. Successful exploitation leads to SYSTEM privileges, so this is certainly worth patching sooner rather than later. Microsoft points out that no action should be required to install this update, since the Microsoft Defender Antimalware Platform automatically updates by default. A further silver lining is that systems that have disabled Microsoft Defender are not in an exploitable state. Hopefully, any such system is running a suitable third-party replacement for Defender’s capabilities.

Windows [I don’t like] IKE: zero-day pre-auth RCE

The Windows Internet Key Exchange (IKE) Services Extensions is the site of CVE-2026-33824, a critical unauthenticated remote code execution vulnerability. Exploitation requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, which could enable remote code execution. Vulnerabilities leading to unauthenticated RCE against modern Windows assets are relatively rare, or we’d see more wormable vulnerabilities self-propagating across the internet.
However, since IKE provides secure tunnel negotiation services, for instance for VPNs, it is necessarily exposed to untrusted networks and reachable in a pre-authorization context. It’s hard to imagine this turning into a rampaging internet-wide worm, but there’s plenty of scope for initial access abuse, so this IKE vulnerability is still yikes. The advisory does contain a section with potential mitigations for anyone unable to patch immediately, which center on least-privilege restriction of relevant UDP traffic. This same portion of the advisory also furnishes a helpful link to the definition of the word “mitigations” in the MSDN glossary. All versions of Windows back as far as Server 2016 and Windows 10 1607 LTSC receive patches.

The advisory credits both the WARP and MORSE (Microsoft Offensive Research & Security Engineering) teams at Microsoft. MORSE appears in Acknowledgements over the past few years, but today marks the first explicit mention of WARP in a Microsoft security advisory Acknowledgements section; we can speculate that WARP is an internal designator for the Microsoft Windows Enterprise Security Team.

Microsoft lifecycle update

In Microsoft lifecycle news, extended support ends April 14, 2026 for a wide range of Microsoft product legacy enterprise tools, including Dynamics C5 2016, Dynamics NAV 2016, App-V 5.0 and App-V 5.1, UE-V 2.1, and BitLocker Administration and Monitoring 2.5 SP1. Microsoft .NET 9 STS (Standard Term Support, as distinct from Long Term Support) was originally scheduled to move past the end of support in May 2026, but late last year, Microsoft granted a six-month extension, so that .NET 9 STS now reaches end of support on November 10, 2026.

Summary tables

Azure vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-32171 | Azure Logic Apps Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-32168 | Azure Monitor Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32184 | Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8

Developer Tools vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-32203 | .NET and Visual Studio Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-26171 | .NET Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-32226 | .NET Framework Denial of Service Vulnerability | Exploitation Less Likely | No | 5.9
CVE-2026-23666 | .NET Framework Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-32178 | .NET Spoofing Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-33116 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-23653 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.7
CVE-2026-32631 | GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes | Exploitation Less Likely | No | 7.4
CVE-2026-21637 | HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers | N/A | No | 7.5
CVE-2026-26143 | Microsoft PowerShell Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8

ESU vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-32072 | Active Directory Spoofing Vulnerability | Exploitation Less Likely | No | 6.2
CVE-2026-32181 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.4
CVE-2026-26152 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26155 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5
CVE-2026-27914 | Microsoft Management Console Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-25250 | MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix | Exploitation Less Likely | No | 6.0
CVE-2026-32081 | Package Catalog Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-26170 | PowerShell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26183 | Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-26160 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26159 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26151 | Remote Desktop Spoofing Vulnerability | Exploitation More Likely | No | 7.1
CVE-2026-32085 | Remote Procedure Call Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation More Likely | No | 6.7
CVE-2026-32212 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32214 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32079 | Web Account Manager Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-33104 | Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.0
CVE-2026-26178 | Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-32073 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26168 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26173 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26177 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26182 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-27922 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33100 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32088 | Windows Biometric Service Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.1
CVE-2026-27913 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.7
CVE-2026-26175 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6
CVE-2026-26176 | Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-27926 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32162 | Windows COM Elevation of Privilege Vulnerability | Exploitation More Likely | No | 8.4
CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-32070 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-33098 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-26153 | Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-27931 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-27930 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-27906 | Windows Hello Security Feature Bypass Vulnerability | Exploitation More Likely | No | 4.4
CVE-2026-26156 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32149 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.3
CVE-2026-27910 | Windows Installer Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8
CVE-2026-27912 | Windows Kerberos Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.0
CVE-2026-26180 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26163 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32215 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32217 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32218 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-26169 | Windows Kernel Memory Information Disclosure Vulnerability | Exploitation More Likely | No | 6.1
CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-27929 | Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-20930 | Windows Management Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26162 | Windows OLE Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32084 | Windows Print Spooler Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-27927 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26184 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32069 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32074 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32078 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26167 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-32158 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-32159 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32160 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-26172 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6
CVE-2026-27909 | Windows Search Service Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-26161 | Windows Sensor Data Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26174 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26154 | Windows Server Update Service (WSUS) Tampering Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-27918 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32151 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5
CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability | Exploitation More Likely | No | 8.8
CVE-2026-32202 | Windows Shell Spoofing Vulnerability | Exploitation More Likely | No | 4.3
CVE-2026-32082 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32083 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32068 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0
CVE-2026-32183 | Windows Snipping Tool Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33829 | Windows Snipping Tool Spoofing Vulnerability | Exploitation Unlikely | No | 4.3
CVE-2026-32089 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32090 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-32153 | Windows Speech Runtime Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33827 | Windows TCP/IP Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1
CVE-2026-27908 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-27921 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-27915 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-27919 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32075 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-27916 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-27920 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32077 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-27925 | Windows UPnP Device Host Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5
CVE-2026-32156 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.4
CVE-2026-32165 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-27911 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-32163 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-32164 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-23670 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.7
CVE-2026-27917 | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0

Microsoft Dynamics vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-33103 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-26149 | Microsoft Power Apps Security Feature Bypass | Exploitation Less Likely | No | 9.0

Microsoft Office vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-32188 | Microsoft Excel Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.1
CVE-2026-32189 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32197 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32198 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32199 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32190 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4
CVE-2026-32200 | Microsoft PowerPoint Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-20945 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6
CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Detected | No | 6.5
CVE-2026-33822 | Microsoft Word Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.1
CVE-2026-33095 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-23657 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33114 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4
CVE-2026-33115 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4

Open Source Software vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-40386 |  | n/a | No | 4.0
CVE-2026-40385 |  | n/a | No | 4.0
CVE-2026-40393 |  | n/a | No | 8.1
CVE-2026-31416 | netfilter: nfnetlink_log: account for netlink header size | n/a | No | 8.1
CVE-2026-31423 | net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() | n/a | No | 5.5
CVE-2026-31424 | netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP | n/a | No | 5.5
CVE-2026-31417 | net/x25: Fix overflow when accumulating packets | n/a | No | 8.1
CVE-2026-31422 | net/sched: cls_flow: fix NULL pointer dereference on shared blocks | n/a | No | 5.5
CVE-2026-31414 | netfilter: nf_conntrack_expect: use expect->helper | n/a | No | 8.1
CVE-2026-31427 | netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp | n/a | No | 7.8
CVE-2026-31426 | ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() | n/a | No | 5.5
CVE-2026-31419 | net: bonding: fix use-after-free in bond_xmit_broadcast() | n/a | No | 7.1
CVE-2026-31420 | bridge: mrp: reject zero test interval to avoid OOM panic | n/a | No | 5.5
CVE-2026-31421 | net/sched: cls_fw: fix NULL pointer dereference on shared blocks | n/a | No | 5.5
CVE-2026-31428 | netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD | n/a | No | 5.5
CVE-2026-31418 | netfilter: ipset: drop logically empty buckets in mtype_del | n/a | No | 8.1

SQL Server vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-33120 | Microsoft SQL Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-32167 | SQL Server Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7
CVE-2026-32176 | SQL Server Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7

System Center vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8

Windows vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-32072 | Active Directory Spoofing Vulnerability | Exploitation Less Likely | No | 6.2
CVE-2023-20585 | AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability | Exploitation Less Likely | No | 5.3
CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32181 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32152 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33096 | HTTP.sys Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-26181 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32219 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0
CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.4
CVE-2026-26152 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26155 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5
CVE-2026-27914 | Microsoft Management Console Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-25250 | MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix | Exploitation Less Likely | No | 6.0
CVE-2026-32081 | Package Catalog Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-26170 | PowerShell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26183 | Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-26160 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26159 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26151 | Remote Desktop Spoofing Vulnerability | Exploitation More Likely | No | 7.1
CVE-2026-32085 | Remote Procedure Call Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation More Likely | No | 6.7
CVE-2026-32220 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.4
CVE-2026-32212 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32214 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32079 | Web Account Manager Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-33104 | Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.0
CVE-2026-32196 | Windows Admin Center Spoofing Vulnerability | Exploitation Less Likely | No | 6.1
CVE-2026-26178 | Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-32073 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26168 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26173 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26177 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26182 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-27922 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33100 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32088 | Windows Biometric Service Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.1
CVE-2026-27913 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.7
CVE-2026-26175 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6
CVE-2026-26176 | Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-27926 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32162 | Windows COM Elevation of Privilege Vulnerability | Exploitation More Likely | No | 8.4
CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-32070 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-33098 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-26153 | Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-27931 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-27930 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32221 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4
CVE-2026-27906 | Windows Hello Security Feature Bypass Vulnerability | Exploitation More Likely | No | 4.4
CVE-2026-27928 | Windows Hello Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 8.7
CVE-2026-26156 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32149 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.3
CVE-2026-27910 | Windows Installer Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8
CVE-2026-27912 | Windows Kerberos Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.0
CVE-2026-26179 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26180 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32195 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26163 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32215 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32217 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-32218 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-26169 | Windows Kernel Memory Information Disclosure Vulnerability | Exploitation More Likely | No | 6.1
CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-27929 | Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-20930 | Windows Management Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26162 | Windows OLE Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-33101 | Windows Print Spooler Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-32084 | Windows Print Spooler Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5
CVE-2026-27927 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26184 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32069 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32074 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32078 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26167 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-32158 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-32159 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32160 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-26172 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6
CVE-2026-32216 | Windows Redirected Drive Buffering System Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-27909 | Windows Search Service Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-26161 | Windows Sensor Data Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-26174 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-32224 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0
CVE-2026-26154 | Windows Server Update Service (WSUS) Tampering Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-26165 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-26166 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-27918 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32151 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5
CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability | Exploitation More Likely | No | 8.8
CVE-2026-32202 | Windows Shell Spoofing
Vulnerability Exploitation More Likely No 4.3 CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Exploitation Less Likely No 7.0 CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Exploitation Less Likely No 7.0 CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Exploitation Unlikely No 7.0 CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability Exploitation Less Likely No 7.8 CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability Exploitation Unlikely No 4.3 CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability Exploitation Less Likely No 8.1 CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Exploitation More Likely No 7.0 CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Exploitation More Likely No 7.0 CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability Exploitation More Likely No 7.0 CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability Exploitation 
Less Likely No 7.8 CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability Exploitation Less Likely No 6.5 CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability Exploitation Less Likely No 7.4 CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability Exploitation Less Likely No 6.8 CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Exploitation Less Likely No 5.7 CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability Exploitation Less Likely No 7.0 CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability Exploitation Less Likely No 7.0 CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 Zero-Day Vulnerabilities: Known Exploited CVE Title Exploitation status Publicly disclosed? CVSS v3 base score CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability Exploitation Detected No 6.5 Zero-Day Vulnerabilities: Publicly Disclosed (No known exploitation) CVE Title Exploitation status Publicly disclosed? 
CVSS v3 base score CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8 Critical RCEs and EoPs CVE Title Exploitation status Publicly disclosed? CVSS v3 base score CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability Exploitation Less Likely No 9.8

Published Analysis

Microsoft's April 2026 Patch Tuesday addresses 167 vulnerabilities, including three zero-days actively exploited or publicly disclosed. The most critical issue is CVE-2026-33824, an unauthenticated remote code execution vulnerability in Windows Internet Key Exchange (IKE) Services with a CVSS score of 9.8. Additionally, CVE-2026-32201 affects SharePoint Server with active exploitation, and CVE-2026-33825 allows privilege escalation in Microsoft Defender. The surge in vulnerability reports is attributed to expanding AI capabilities aiding research. Immediate patching is required for all supported Windows and SharePoint versions to prevent initial access and system compromise. Administrators should prioritize the IKE vulnerability due to its pre-authentication nature and network exposure. Mitigations include restricting UDP traffic if patching is delayed. This release highlights the increasing volume of security defects driven by automated discovery tools.

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.

Increasing volumes of vulnerabilities

Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category. It might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing, but this is not the case. Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday. This reflects a significant industry-wide uptick in the volume of vulnerability reports over the past few weeks. A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities. We should expect to see further increases in vulnerability reporting volume as the impact of AI models extends further, both in terms of capability and availability.

SharePoint: zero-day spoofing

When everything is changing rapidly, it can be tempting to look to familiar things for comfort. SharePoint admins should start by addressing CVE-2026-32201, an exploited-in-the-wild spoofing vulnerability. The advisory doesn’t offer much detail, but does mention CWE-20: Improper Input Validation and low impact to confidentiality and integrity, with no impact to availability. Of course, the greatest attacker impact is typically achieved by chaining together multiple vulnerabilities that by themselves might not seem so bad. Ever-increasing novel AI capabilities in offensive cybersecurity now appear to provide real competition for all but the most elite human researchers; if it was ever valid to suppose that a vulnerability with a CVSS v3 base score of 6.5 was unlikely to cause much pain, it’s certainly not a safe defensive assumption in 2026. Patches are available for all supported versions of SharePoint, including SharePoint 2016, which moves beyond extended support on July 14, 2026.

Defender: zero-day elevation of privilege

Microsoft Defender receives a patch today for CVE-2026-33825, a local privilege escalation vulnerability for which Microsoft is aware of public disclosure. Successful exploitation leads to SYSTEM privileges, so this is certainly worth patching sooner rather than later. Microsoft points out that no action should be required to install this update, since the Microsoft Defender Antimalware Platform automatically updates by default. A further silver lining is that systems that have disabled Microsoft Defender are not in an exploitable state. Hopefully, any such system is running a suitable third-party replacement for Defender’s capabilities.

Windows [I don’t like] IKE: zero-day pre-auth RCE

The Windows Internet Key Exchange (IKE) Services Extensions is the site of CVE-2026-33824, a critical unauthenticated remote code execution vulnerability. Exploitation requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, which could enable remote code execution. Vulnerabilities leading to unauthenticated RCE against modern Windows assets are relatively rare, or we’d see more wormable vulnerabilities self-propagating across the internet. However, since IKE provides secure tunnel negotiation services, for instance for VPNs, it is necessarily exposed to untrusted networks and reachable in a pre-authorization context. It’s hard to imagine this turning into a rampaging internet-wide worm, but there’s plenty of...

Linked Entities

  • CVE-2023-20585
  • CVE-2026-0390
  • CVE-2026-20806
  • CVE-2026-20928
  • CVE-2026-20930
  • CVE-2026-20945
  • CVE-2026-21637
  • CVE-2026-23653
  • CVE-2026-23657
  • CVE-2026-23666
  • CVE-2026-23670
  • CVE-2026-25184