Microsoft April 2026 Patch Tuesday Fixes 167 Flaws — SharePoint Zero-Day Actively Exploited
Summary
Microsoft’s April 2026 Patch Tuesday is one of the largest on record, addressing a staggering 167 security vulnerabilities across Windows and related software. The most urgent fix targets CVE-2026-32201, a zero-day in SharePoint Server that is actively being exploited in the wild. The flaw allows attackers to spoof trusted content and interfaces, enabling phishing campaigns, unauthorized data manipulation, and social engineering attacks against enterprise environments.
Among the other critical fixes is “BlueHammer” (CVE-2026-33825), a privilege escalation bug in Windows Defender whose exploit code was publicly released after the discovering researcher grew frustrated with Microsoft’s slow response. A critical remote code execution vulnerability in Windows Active Directory (CVE-2026-33826), which allows authenticated attackers to execute malicious code across enterprise networks, rounds out the high-severity highlights. Additional critical RCEs affect Windows TCP/IP, Remote Desktop Client, and Internet Key Exchange (IKE) service extensions.
CISA has added CVE-2026-32201 to its Known Exploited Vulnerabilities (KEV) catalog, urging all federal agencies and organizations to patch immediately.
Commentary
167 patches in a single release is exhausting for any security team, but the SharePoint zero-day demands immediate attention. SharePoint sits at the heart of document management and collaboration for most enterprises — a spoofing vulnerability there is a phishing operator’s dream. The “BlueHammer” saga is also worth watching: when researchers resort to public exploit disclosure out of frustration, the window between patch and widespread exploitation shrinks to hours, not days.
The Active Directory RCE is arguably the most dangerous from a blast-radius perspective. AD compromise means domain compromise, and in many organizations that’s effectively game over. If you haven’t patched yet, stop reading and start deploying. This is a “drop everything” Patch Tuesday.


