Microsoft’s April Patch Tuesday Addresses 167 Vulnerabilities, Including Critical Exploits in the Wild
Microsoft has reported the discovery of active exploitation in the wild related to one of the vulnerabilities disclosed today, alongside public acknowledgment of another. Among the vulnerabilities addressed, 19 are assessed as having a higher likelihood of future exploitation. In total, Microsoft has issued patches for 80 browser vulnerabilities this month, which are not included in the Patch Tuesday tally.
Significant Increase in Vulnerability Reports
Those tracking Patch Tuesday updates will note that the number of vulnerabilities reported this month is markedly higher than usual, particularly in the browser category. Just last week, Microsoft set a record by releasing patches for 60 browser vulnerabilities in a single day. While some may speculate that this surge correlates with the recent announcement of Project Glasswing, this connection has been clarified as unfounded.
The Microsoft Edge browser, built on the Chromium engine, has seen a significant number of vulnerabilities reported. The Chromium maintainers have acknowledged contributions from a broad spectrum of researchers, indicating a notable increase in vulnerability reports across the industry in recent weeks.
This uptick in reported vulnerabilities can be attributed to advancements in cybersecurity research methodologies and tools, which are becoming increasingly sophisticated. As the capabilities of these tools expand, it is anticipated that the volume of vulnerability reports will continue to rise.
Addressing Critical Vulnerabilities
SharePoint administrators are urged to prioritize the remediation of CVE-2026-32201, a spoofing vulnerability that is currently being exploited in the wild. While the advisory lacks extensive details, it highlights issues related to improper input validation and indicates a low impact on confidentiality and integrity, with no effect on availability. However, it is crucial to recognize that attackers often achieve significant impact by chaining multiple vulnerabilities together, which can amplify their overall threat.
The evolving landscape of offensive cybersecurity, driven by advanced technologies, presents new challenges. A vulnerability with a CVSS v3 base score of 6.5, once considered low-risk, may no longer be a safe assumption for defenders in 2026. Patches are available for all supported versions of SharePoint, including SharePoint 2016, which is set to exit extended support on July 14, 2026.
Microsoft Defender has also received an important patch for CVE-2026-33825, a local privilege escalation vulnerability that has been publicly disclosed. Successful exploitation of this vulnerability could grant SYSTEM privileges, making timely patching essential. Microsoft has indicated that no user action is required for this update, as the Microsoft Defender Antimalware Platform updates automatically by default.
Remote Code Execution Vulnerabilities
The Windows Internet Key Exchange (IKE) Services Extensions have been identified as the source of CVE-2026-33824, a critical unauthenticated remote code execution vulnerability. Exploitation of this vulnerability requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, potentially allowing for remote code execution.
Unauthenticated remote code execution vulnerabilities against modern Windows systems are relatively rare, which limits the number of self-propagating wormable vulnerabilities on the internet. However, given that IKE provides secure tunnel negotiation services, such as for VPNs, it is exposed to untrusted networks and can be accessed in a pre-authorization context. While it may not lead to widespread internet worms, the potential for initial access abuse remains a significant concern.
The advisory includes mitigations for organizations unable to apply patches immediately, focusing on restricting relevant UDP traffic to the least privilege necessary. This section also provides a link to the definition of “mitigations” in the MSDN glossary. Patches are available for all Windows versions dating back to Server 2016 and Windows 10 1607 LTSC.
Acknowledgments and Lifecycle Updates
The advisory credits both the WARP and Microsoft Offensive Research & Security Engineering (MORSE) teams for their contributions. While MORSE has been acknowledged in previous advisories, this marks the first explicit mention of WARP, which may refer to the Microsoft Windows Enterprise Security Team.
In lifecycle news, extended support for a range of legacy Microsoft enterprise tools, including Dynamics C5 2016, Dynamics NAV 2016, App-V 5.0, App-V 5.1, UE-V 2.1, and BitLocker Administration and Monitoring 2.5 SP1, ended on April 14, 2026. Microsoft .NET 9 STS, initially scheduled to reach the end of support in May 2026, has received a six-month extension, now set to end on November 10, 2026.
For further insights into these vulnerabilities and their implications, refer to the comprehensive analysis available at Cyber Daily.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
