Overview
- Microsoft released its April Patch Tuesday updates on Tuesday, fixing 165 flaws across Windows and Office and closing an exploited SharePoint zero-day and a publicly disclosed Microsoft Defender bug.
- CISA added the SharePoint flaw, CVE-2026-32201, to its Known Exploited Vulnerabilities catalog and set an April 28 deadline for federal agencies to patch.
- Exploit code for the Defender elevation-of-privilege bug, CVE-2026-33825, was posted on GitHub as “BlueHammer”; Microsoft says Defender platforms update automatically.
- Admins are urged to prioritize critical remote code execution risks in Windows IKE (CVE-2026-33824) and TCP/IP (CVE-2026-33827), with temporary mitigations like blocking UDP 500 and 4500 where IKEv2 is not needed.
- Researchers report that elevation-of-privilege bugs dominate this release and that AI-driven discovery and public proof-of-concept code raise near-term attack odds, pushing organizations to patch quickly and watch internet-facing SharePoint and VPN endpoints.
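
An added PowerShell example (not from the original page or from Microsoft) of the temporary IKE mitigation in the list above: it looks for signs that the host uses IKE before adding an inbound block for UDP 500 and 4500. The rule name and the three usage checks are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary inbound block for IKE (UDP 500/4500) on hosts
# that do not need IKEv2. Rule name and usage checks are assumptions.

$ikePorts = '500', '4500'
$ruleName = 'TEMP - Block inbound IKE UDP 500/4500'   # hypothetical name

# Evidence that this host relies on IKE/IPsec; an empty list means none was found.
$evidence = @()

# Enabled IPsec (connection security) rules in the active policy.
$ipsec = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' })
if ($ipsec.Count) { $evidence += "$($ipsec.Count) enabled IPsec rule(s)" }

# VPN client profiles that can negotiate IKEv2 (skipped conservatively).
$vpn = @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.TunnelType -in 'Ikev2', 'Automatic' })
if ($vpn.Count) { $evidence += "$($vpn.Count) VPN profile(s) using IKEv2/Automatic" }

# Routing and Remote Access (VPN server role) running on this host.
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($rras -and $rras.Status -eq 'Running') { $evidence += 'RemoteAccess service is running' }

if ($evidence.Count) {
    Write-Warning 'IKE appears to be in use; not blocking. Prioritize patching this host:'
    $evidence | ForEach-Object { Write-Warning "  $_" }
    return
}

# Create the block rule once; re-running the script does not duplicate it.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -Protocol UDP -LocalPort $ikePorts -Profile Any `
        -Description 'Temporary mitigation; remove after the update is installed.' | Out-Null
}

# Confirm the rule's port filter and list anything still bound to the ports.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
Get-NetUDPEndpoint -LocalPort 500, 4500 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Once the update is installed, remove the rule with `Remove-NetFirewallRule -DisplayName` and the same rule name.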