Microsoft just dropped one of its biggest Patch Tuesday releases in years, and yesterday was a busy day for Windows and Microsoft 365 admins. The April 2026 Patch Tuesday update addresses more than 160 security vulnerabilities across Windows, Microsoft Defender, SharePoint, and other products, including two zero‑day flaws—one of which is already being actively exploited in the wild.
Depending on how you count, Microsoft is publishing fixes for roughly 163–167 CVEs this month, with reports of 11–19 of those being rated Critical and two tagged as zero‑days. One zero‑day involves Microsoft SharePoint Server (CVE‑2026‑32201), while another affects Windows components and was publicly disclosed prior to the patch release.
Two zero‑days: SharePoint and Defender
The headline bug this month is a SharePoint Server zero‑day, tracked as CVE‑2026‑32201, that Microsoft confirms has been exploited in the wild. Security researchers describe it as a SharePoint spoofing or XSS‑style issue that can allow attackers to view or modify information on vulnerable SharePoint servers, making it a serious risk for organizations hosting internal sites and apps on-prem or in hybrid deployments.
On top of that, Microsoft Defender is getting a fix for a local privilege escalation vulnerability (CVE‑2026‑33825) that security firms say has public exploit details available. While this bug requires local access, chaining it with other exploits could let attackers elevate from a low‑privilege foothold to full system control on Windows devices where Defender is enabled by default.
Windows 11 and Windows 10 updates: KB5083769, KB5082052, KB5082200
On the Windows side, Patch Tuesday arrives as cumulative updates for supported versions of Windows 11 and Windows 10. For Windows 11, versions 25H2 and 24H2 are getting KB5083769, while Windows 11 version 23H2 receives KB5082052. These updates roll up security fixes for the 160‑plus CVEs as well as non‑security improvements and will install automatically on consumer devices unless Windows Update has been paused.
Windows 10 customers who are in the Extended Security Updates (ESU) phase are also covered. Microsoft has released KB5082200 as an extended security update for Windows 10, specifically to bring the April 2026 Patch Tuesday fixes—including the zero‑days—to older machines still under ESU support. For organizations with mixed fleets spanning Windows 10 and Windows 11, this month’s updates are a good chance to normalize patch levels across the board.
One of the largest Patch Tuesdays on record
Security researchers are calling April 2026 the second‑largest Patch Tuesday in Microsoft’s history by sheer defect count. Microsoft itself lists 167 vulnerabilities resolved this month, while some vendors, depending on how they categorize certain components and edge cases, put the total at 163–168—still a huge number. Several of the Critical bugs touch networking and secure communications features such as Windows IKE extensions and other components that could potentially allow remote code execution on exposed systems.
This Patch Tuesday also includes an important milestone for Secure Boot. With older Secure Boot certificate chains expiring on June 26, 2026, Microsoft is using the April update to start rolling out new certificate configurations and surfacing additional reporting through updated security dashboards, so organizations can track their readiness ahead of that deadline.
What admins should prioritize
Given the sheer volume of vulnerabilities, it’s not realistic for most organizations to treat all of them equally. Based on vendor guidance and Microsoft’s own exploitation probability data, the highest‑priority items are:
-
SharePoint zero‑day CVE‑2026‑32201 on SharePoint servers.
-
The Windows Defender privilege escalation vulnerability CVE‑2026‑33825, given Defender’s ubiquity.
-
Remote code execution bugs in Windows networking components, such as IKE and other TCP/IP‑adjacent services that are reachable over the network.
-
Any flaws flagged as “more likely to be exploited,” of which Microsoft reportedly lists 19 this month.
Admins should also review the browser updates (Edge and Chromium‑based) delivered earlier this month, as Microsoft notes that roughly 80 browser vulnerabilities were patched separately from the core Patch Tuesday numbers. Failing to apply those updates could leave endpoints exposed to web‑based attacks even if OS patches are current.
What this means for you
For enterprise IT and security teams, this is not a month to defer patching. With at least one confirmed exploited zero‑day in SharePoint and a Defender privilege escalation bug in the mix, April’s Patch Tuesday represents a real‑world risk rather than a purely theoretical one. Organizations running SharePoint on‑prem, large Windows 11 fleets, or still‑supported Windows 10 installs should prioritize testing and deployment of these updates as early as change windows allow.
For home users, the recommendation is simpler: unless you’re seeing major issues reported for your specific device, let Windows Update do its thing. The combination of active exploitation and a high number of remote‑exploitable bugs means the risk of staying unpatched this month likely outweighs the risk of installing the updates for most people.
Related Posts You Might Like
- Best Buy Foundation And Xbox Bring Game Camp To Minneapolis Teens This Summer 2026
- The Windows 11 April 2026 Update Is Breaking PCs for Some Users—Should You Pause Updates?
- Big Microsoft 365 Copilot Changes Land Today: New Names and Chat Limits for Unlicensed Users
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
