Microsoft’s April 2026 Patch Tuesday release addresses 165 vulnerabilities across Windows, Office, and other core Microsoft products. According to Bleeping Computer, this month’s rollout includes two zero-day vulnerabilities: CVE-2026-33825, an Elevation of Privilege flaw in Microsoft Defender, and CVE-2026-32201, a Spoofing vulnerability in Microsoft SharePoint Server that is currently being exploited. This time, Microsoft also addresses eight “Critical” vulnerabilities that affect the Remote Desktop Client, Microsoft Office, Windows Operating Systems, and SharePoint. In addition, KB5083769 is available for Windows 11 versions 24H2 and 25H2, and KB5082200 is available for Windows 10 (ESU), with several functional improvements alongside security patches. Let’s take a look at what’s new on Microsoft’s April 2026 Patch Tuesday.
Overview of the April 2026 Patch Tuesday
- Total vulnerabilities fixed: 167 across Windows, Office, and other core Microsoft products
- Zero-day vulnerabilities: 2 publicly disclosed vulnerabilities (Microsoft Defender CVE-2026-33825 and Microsoft SharePoint Server CVE-2026-32201)
- Critical vulnerabilities: A total of eight “Critical” vulnerabilities were addressed, 7 of which are remote code execution flaws; the other is a denial of service flaw.
- Affected products: Windows 10, Windows 11, Office, Microsoft Edge (separate update), and more
- Cumulative updates released:
  - Windows 11: KB5083769, KB5082052
  - Windows 10: KB5082200 (Extended Security Update)

Microsoft has confirmed that no patches were released for Microsoft Edge or Mariner in this cycle; those were addressed separately.
Zero-Day Vulnerabilities: 2 Critical Flaws Patched

A zero-day vulnerability is a security flaw in software that is unknown to the vendor (such as Microsoft) when it is exploited by attackers. Because there’s no patch available when the flaw is discovered, it’s called a “zero-day”, meaning the vendor has zero days to fix it before it’s used in attacks.
When a zero-day is actively exploited, it means hackers are already using it to compromise systems, making it one of the most dangerous threats in cybersecurity.
In this update:
- Two others were publicly disclosed—meaning the flaw was known to researchers and the public, yet remained unpatched until now.
That’s why patching immediately is critical. Once a zero-day is patched, the risk drops dramatically.
CVE-2026-32201 (Microsoft SharePoint Server Spoofing Vulnerability): This flaw was actively exploited in attacks. It allows an unauthorized attacker to perform spoofing over a network due to improper input validation, potentially enabling them to view and modify sensitive information on affected SharePoint servers.
CVE-2026-33825 (Microsoft Defender Elevation of Privilege Vulnerability): This publicly disclosed vulnerability allows an attacker to gain SYSTEM-level privileges. Microsoft has fixed it in Defender Antimalware Platform version 4.18.26050.3011, which updates automatically.
Critical Vulnerabilities: 8 Critical vulnerabilities addressed
Critical vulnerabilities are significant weaknesses in software, systems, or configurations that attackers can exploit to gain unauthorized access, disrupt operations, or steal data. These are defined by a Common Vulnerability Scoring System (CVSS) base score of 9.0 to 10.0.
Microsoft addresses eight “Critical” vulnerabilities in the April 2026 Patch Tuesday. While Microsoft has not released a full public list of all 165 flaws, the eight Critical issues are particularly dangerous due to their remote exploitability and potential for widespread impact.
- CVE-2026-33824 (Windows IKE Service): A Remote Code Execution (RCE) flaw with a CVSS score of 9.8. An unauthenticated attacker can send specially crafted packets to a Windows machine with IKEv2 enabled, potentially leading to RCE. It affects network-reachable systems and is considered a top priority to patch.
- CVE-2026-33827 (Windows TCP/IP): A Remote Code Execution (RCE) vulnerability that can be exploited by sending specially crafted IPv6 packets to a Windows node with IPSec enabled. Successful exploitation requires the attacker to win a race condition but could lead to RCE.
- CVE-2026-33826 (Windows Active Directory): A Remote Code Execution (RCE) flaw resulting from improper input validation. An authenticated attacker within the same restricted Active Directory domain can send specially crafted RPC calls to achieve RCE on the target system.
- CVE-2026-33115 (Microsoft Office Word): A Remote Code Execution (RCE) vulnerability due to a use-after-free flaw. An attacker can exploit this by convincing a user to open a malicious Word document, leading to code execution on the victim’s machine.
- CVE-2026-33114 (Microsoft Office Word): A Remote Code Execution (RCE) vulnerability caused by an untrusted pointer dereference. Similar to CVE-2026-33115, exploitation requires user interaction with a malicious document.
- CVE-2026-32190 (Microsoft Office): A Remote Code Execution (RCE) vulnerability in Microsoft Office. The attack is carried out locally, but the attacker is remote, requiring code execution from the local machine to exploit the flaw.
- CVE-2026-32157 (Remote Desktop Client): A Remote Code Execution (RCE) vulnerability due to a use-after-free flaw. An attacker controlling a malicious server can exploit this if a user connects to it with a vulnerable client, leading to code execution on the user’s machine.
- CVE-2026-23666 (.NET Framework): A Denial of Service (DoS) vulnerability. Successful exploitation could allow an attacker to disrupt service over the network by targeting systems using the .NET framework.
These vulnerabilities are especially concerning in enterprise environments, where unpatched systems may serve as entry points for broader network breaches.
Recommendation: Apply the April 2026 updates immediately, especially on systems exposed to the internet or untrusted networks.
Windows 10 and Windows 11 Cumulative Updates
Microsoft has released the following cumulative security updates for Windows 10 and Windows 11 as part of the April 2026 Patch Tuesday:
| Operating System | Update KB | Type | Key Features |
|---|---|---|---|
| Windows 11 | KB5083769, KB5082052 | Cumulative Security Update | Includes all security fixes from April 2026, plus general stability and reliability improvements. |
| Windows 10 | KB5082200 | Extended Security Update (ESU) | Designed for organizations still using Windows 10 beyond its end of support. Includes critical security patches and extended support. |
What’s in These Updates?
The April 2026 cumulative update KB5083769 for Windows 11 includes:
- Fixes for all 165 vulnerabilities in the security bulletin.
- Adds support for monitors with refresh rates higher than 1000 Hz and improves USB4 power management.
- Users can now toggle Smart App Control on or off without requiring a clean Windows installation.
- Corrects “Reset this PC” errors, improves SMB compression reliability over QUIC, and removes extraneous error messages from `sfc /scannow`.
- Resolves kernel privilege escalation, WebView2 remote code execution, and phishing attacks involving Remote Desktop (.rdp) files.
For Windows 10 users, the KB5082200 update is especially important, as it’s part of the Extended Security Update (ESU) program, which allows organizations to continue receiving security patches beyond the standard end-of-life date.
- Fixes an issue where users encountered false “no Internet” errors when signing into apps with a Microsoft account, such as Microsoft Teams.
- Enhances protection against phishing attacks using `.rdp` files by displaying all requested connection settings.
- Introduces new certificate status indicators in Windows Security and updates Secure Boot certificates to prevent potential boot failures.
- Resolves a critical BitLocker Recovery issue triggered by Secure Boot updates and improves DISM offline image servicing for LTSC editions.
Why This Update Matters
The April 2026 Patch Tuesday is one of the most security-critical of the month due to:
- Active exploitation of a zero-day (CVE-2026-32201, CVE-2026-33825) — a rare and high-risk event.
- Enhanced protection against phishing attacks, and the ability to turn Smart App Control on or off without a clean install.
- Eight Critical vulnerabilities, including six RCE flaws, which could allow unauthorized remote access.
- Long-term security risks, such as expired Secure Boot certificates, are being addressed.
Security experts, including BleepingComputer, Krebs on Security, and The Hacker News, have emphasized that delaying this update could lead to serious breaches.
How to Download and Install the Updates
The primary method for obtaining and installing these updates is through Windows Update:

- Windows Update: Go to Settings > Update & Security > Windows Update (or equivalent in older Windows versions) and check for updates.
- WSUS/SCCM: Organizations using Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) can deploy updates through their centralized management systems.
- Microsoft Update Catalog: For specific updates or offline installations, you can download them directly from the Microsoft Update Catalog website.
Windows update offline installers:
- Windows 11 KB5083769 (Version 25H2/24H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5082052 (Version 23H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5082200 (For versions 22H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
Important note:
- Focus on installing critical updates first, as they address the most severe vulnerabilities.
- Enable automatic updates to ensure that security patches are installed promptly.
- Before deploying updates to production systems, it’s recommended to test them in a non-production environment to identify any potential compatibility issues.
- Regularly check the Microsoft Security Update Guide for detailed information about released updates.
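
To confirm that a host actually received the updates named above, the following check compares installed hotfixes and the Defender platform version against the values given in this article. It is an added example, not a script from Microsoft or from the original article; the function name `Test-AprilPatchState` is hypothetical, and it assumes the built-in `Get-HotFix` and `Get-MpComputerStatus` cmdlets are available on the machine.

```powershell
# Added example: KB numbers and the Defender version are the ones quoted in the article.
$AprilKbs = @{
    'KB5083769' = 'Windows 11 24H2/25H2'
    'KB5082052' = 'Windows 11 23H2'
    'KB5082200' = 'Windows 10 (ESU)'
}
# Platform version the article gives as fixing CVE-2026-33825.
$DefenderFixed = [version]'4.18.26050.3011'

function Test-AprilPatchState {
    [CmdletBinding()]
    param()

    # Get-HotFix lists installed update packages. A later cumulative update
    # supersedes these KBs, so a miss on a host patched in a later month
    # does not by itself mean the April fixes are absent.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)
    $matched = @($AprilKbs.Keys | Where-Object { $installed -contains $_ })

    # AMProductVersion is the Defender Antimalware Platform version.
    # The cmdlet fails when Defender is removed or replaced by another product.
    $platform = $null
    try {
        $platform = [version](Get-MpComputerStatus -ErrorAction Stop).AMProductVersion
    } catch {
        Write-Verbose "Defender status unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        AprilKbInstalled  = $matched -join ', '
        KbPresent         = $matched.Count -gt 0
        DefenderPlatform  = $platform
        # $null means "could not be determined", not "vulnerable".
        DefenderAtOrAbove = if ($null -eq $platform) { $null }
                            else { $platform -ge $DefenderFixed }
    }
}

Test-AprilPatchState | Format-List
```

The `[version]` cast makes the comparison numeric per component, so `4.18.26050.3011` is compared correctly against versions with a different number of digits in any field.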
Frequently Asked Questions
Microsoft’s April 2026 Patch Tuesday addresses 167 vulnerabilities across Windows, Office, SharePoint, .NET, and other Microsoft products, including 2 zero-days and 8 Critical flaws.
Microsoft patched two zero-days: CVE-2026-33825 (Elevation of Privilege in Microsoft Defender) and CVE-2026-32201 (Spoofing in Microsoft SharePoint Server), both of which were actively exploited.
Because it fixes actively exploited zero-days and eight Critical vulnerabilities, several of which allow remote code execution (RCE). Unpatched systems are at higher risk of compromise, especially if they’re exposed to the internet.
For Windows 11, install KB5083769 and KB5082052. For Windows 10 (ESU), install KB5082200. These cumulative updates include all April 2026 security fixes plus stability and reliability improvements.
Go to Settings > Update & Security > Windows Update and click Check for updates. Organizations can use WSUS/SCCM, or download offline installers from the Microsoft Update Catalog.





