Overview
- Microsoft, which released the April Patch Tuesday updates Tuesday, addressed about 165–167 Microsoft flaws and closed two zero-days, including an exploited SharePoint spoofing bug tracked as CVE-2026-32201.
- CISA added CVE-2026-32201 to its Known Exploited Vulnerabilities list and directed U.S. agencies to patch by April 28.
- Microsoft also fixed a Defender privilege-escalation flaw that granted SYSTEM access and pushed an automatic Antimalware Platform update, version 4.18.26050.3011, crediting Zen Dodd and Yuanpei XU of Diffract.
- Analysts highlighted critical remote code execution risks in Windows TCP/IP (CVE-2026-33827) and Active Directory (CVE-2026-33826), plus Office bugs that can run code from the preview pane or when opening a booby-trapped file, with 19 issues labeled more likely to be exploited.
- Patch counts vary by methodology, with SANS reporting 243 total when including 78 Chromium fixes for Edge and eight Critical non‑Edge bugs, while BleepingComputer lists 167 Microsoft fixes released for the day.