April 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here’s a quick breakdown of what you need to know.

Microsoft Patch Tuesday for April 2026

This month’s release addresses 163 vulnerabilities, including eight critical and 154 important-severity vulnerabilities.

In this month’s updates, Microsoft has addressed one publicly disclosed zero-day vulnerability and one that is being exploited in the wild.

Microsoft addressed 80 vulnerabilities in Microsoft Edge (Chromium-based) that were patched earlier this month.

Microsoft Patch Tuesday, April edition, includes updates for vulnerabilities in Microsoft Graphics Component, Windows Kerberos, Windows Kernel, Windows Hyper-V, Microsoft Windows Speech, Remote Desktop Client, SQL Server, Azure Monitor Agent, Windows BitLocker, Microsoft Management Console, Windows IKE Extension, Microsoft Defender, Input-Output Memory Management Unit (IOMMU), and more.

This month’s release includes fixes for several high-severity issues that could potentially enable remote code execution, privilege escalation, or denial-of-service attacks. As always, timely patch deployment is crucial to reduce exposure and ensure systems remain resilient against exploitation attempts.

The April 2026 Microsoft vulnerabilities are classified as follows:

| Vulnerability Category | Quantity | Severities |
| --- | --- | --- |
| Spoofing Vulnerability | 8 | Important: 8 |
| Denial of Service Vulnerability | 9 | Critical: 1, Important: 8 |
| Elevation of Privilege Vulnerability | 93 | Important: 93 |
| Information Disclosure Vulnerability | 20 | Important: 20 |
| Remote Code Execution Vulnerability | 20 | Critical: 7, Important: 13 |
| Security Feature Bypass Vulnerability | 12 | Important: 12 |

Adobe Patches for April 2026

Adobe has released 12 security advisories to address 56 vulnerabilities in Adobe Acrobat Reader, Adobe Illustrator, Adobe DNG SDK, Adobe Photoshop, Adobe Bridge, Adobe ColdFusion, Adobe Connect, Adobe FrameMaker, Adobe Experience Manager Screens, Adobe InCopy, Adobe InDesign, and Adobe Acrobat Reader. 38 of these vulnerabilities are rated critical. Successful exploitation of these vulnerabilities may lead to privilege escalation, security feature bypass, arbitrary file system read, and arbitrary code execution.

Zero-day Vulnerabilities Patched in April Patch Tuesday Edition

CVE-2026-33825: Microsoft Defender Elevation of Privilege Vulnerability

Microsoft Defender is a comprehensive, AI-powered security suite that provides malware protection, phishing detection, and web protection for individuals and businesses.

An insufficient access-control granularity flaw in Windows Defender could allow an authenticated attacker to elevate local privileges. Insufficient Granularity of Access Control occurs when security policies are too broad, allowing authorized users to access data or perform actions beyond their intended permissions.

CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability

An improper input validation vulnerability in Microsoft Office SharePoint may allow an unauthenticated attacker to perform network spoofing.

CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 28, 2026.
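A KEV listing changes the remediation deadline, so it is worth matching open scanner findings against the catalog and sorting by days remaining. The following is an added example, not code from the original page or from CISA: the feed text is a constructed sample in the shape of the KEV JSON feed (`vulnerabilities`, `cveID`, `dueDate`), the due date is the April 28, 2026 date given above, and the host names and the placeholder entry are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Only the CVE ID and
# the 2026-04-28 date come from this page; the second entry is a placeholder.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-32201", "product": "SharePoint Server",
     "dueDate": "2026-04-28"},
    {"cveID": "CVE-0000-00000", "product": "ExampleProduct",
     "dueDate": "2026-01-22"},
    {"cveID": "CVE-0000-00001", "dueDate": "not-a-date"},  # malformed on purpose
]})

# Constructed scanner findings: (host, CVE) pairs with inconsistent formatting.
FINDINGS = [("sp-app-02", "cve-2026-32201 "), ("ws-114", "CVE-2026-33825"),
            ("sp-app-01", "CVE-2026-32201")]

def load_kev(feed_text):
    """Map CVE ID -> remediation due date from KEV-style JSON."""
    kev = {}
    for entry in json.loads(feed_text).get("vulnerabilities", []):
        try:
            kev[entry["cveID"].upper()] = date.fromisoformat(entry["dueDate"])
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # skip malformed entries instead of aborting the triage
    return kev

def triage(findings, kev, today):
    """Return KEV-listed findings, most urgent first, with days remaining."""
    rows = []
    for host, cve in findings:
        cve = cve.strip().upper()
        due = kev.get(cve)
        if due is None:
            continue  # not KEV-listed: handled by the normal severity-based SLA
        days_left = (due - today).days
        rows.append({"host": host, "cve": cve, "due": due.isoformat(),
                     "days_left": days_left,
                     "status": "OVERDUE" if days_left < 0 else "DUE"})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"]))

if __name__ == "__main__":
    for row in triage(FINDINGS, load_kev(KEV_SAMPLE), date(2026, 4, 20)):
        print(row)
```

Findings that are not KEV-listed, such as the CVE-2026-33825 entry in the sample, are dropped from this report and stay on the regular patch schedule.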

Critical Severity Vulnerabilities Patched in April Patch Tuesday Edition

CVE-2026-32157: Remote Desktop Client Remote Code Execution Vulnerability

A use-after-free flaw in the Remote Desktop Client may allow an unauthenticated attacker to execute code over the network. Successful exploitation of the vulnerability requires an authenticated user on the client to connect to a malicious server.

CVE-2026-33826: Windows Active Directory Remote Code Execution Vulnerability

An improper input validation flaw in Windows Active Directory could allow an authenticated attacker to execute code on an adjacent network. An attacker must send a specially crafted RPC call to an RPC host to exploit the vulnerability.

CVE-2026-23666: .NET Framework Denial of Service Vulnerability

A race condition flaw in the .NET Framework could allow an unauthenticated attacker to deny service to network clients.

CVE-2026-32190: Microsoft Office Remote Code Execution Vulnerability

A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally.

CVE-2026-33114: Microsoft Word Remote Code Execution Vulnerability

A pointer dereference vulnerability in Microsoft Word allows an unauthenticated attacker to execute code locally.

CVE-2026-33115: Microsoft Word Remote Code Execution Vulnerability

A use-after-free vulnerability in Microsoft Office Word could allow an unauthenticated attacker to execute code locally.

CVE-2026-33827: Windows TCP/IP Remote Code Execution Vulnerability

A race condition flaw in Windows TCP/IP may allow an unauthenticated attacker to execute code over a network. An attacker could send a specially crafted IPv6 packet to a Windows node with IPSec enabled, leading to remote code execution.

CVE-2026-33824: Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

Windows Internet Key Exchange is a foundational network security protocol used by Windows to set up secure, encrypted IPsec tunnels, primarily for VPN connections.

An unauthenticated attacker could send specially crafted packets to a Windows machine with Internet Key Exchange version 2 enabled, potentially leading to remote code execution.

Other Microsoft Vulnerability Highlights

  • CVE-2026-26151 is a spoofing vulnerability in Remote Desktop. Successful exploitation of the vulnerability allows an unauthenticated attacker to perform network spoofing.
  • CVE-2026-27906 is a security feature bypass vulnerability in Windows Hello. Successful exploitation of the vulnerability may allow an authenticated attacker to bypass a local security feature.
  • CVE-2026-27908 is an elevation-of-privilege vulnerability in the Windows TDI Translation Driver (tdx.sys). A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.
  • CVE-2026-27921 is an elevation-of-privilege vulnerability in the Windows TDI Translation Driver (tdx.sys). An attacker may exploit the vulnerability to gain SYSTEM privileges.
  • CVE-2026-32093 is an elevation-of-privilege vulnerability in the Windows Function Discovery Service (fdwsd.dll). An authenticated attacker who successfully exploited this vulnerability could gain administrator privileges.
  • CVE-2026-32152 and CVE-2026-32154 are elevation-of-privilege vulnerabilities in the Desktop Window Manager. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.
  • CVE-2026-0390 is a security feature bypass vulnerability in the Windows Boot Loader. Successful exploitation of the vulnerability may allow an authenticated attacker to bypass a local security feature.
  • CVE-2026-32202 is a spoofing vulnerability in the Windows Shell. An unauthenticated attacker may exploit the vulnerability to perform network spoofing.
  • CVE-2026-26169 is an information disclosure vulnerability in Windows Kernel Memory. An authenticated attacker may exploit the vulnerability to disclose information locally.
  • CVE-2026-26173 is an elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock. A race condition flaw may allow an authenticated attacker to gain SYSTEM privileges.
  • CVE-2026-27909 is an elevation-of-privilege vulnerability in the Windows Search Service. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.
  • CVE-2026-27913 is a security feature bypass vulnerability in Windows BitLocker. An improper input validation flaw may allow an unauthenticated attacker to bypass a local security feature.
  • CVE-2026-27914 is an elevation-of-privilege vulnerability in the Microsoft Management Console. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges.
  • CVE-2026-32070 is an elevation-of-privilege vulnerability in the Windows Common Log File System Driver. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.
  • CVE-2026-32162 is an elevation-of-privilege vulnerability in Windows COM. Successful exploitation of the vulnerability may allow an unauthenticated attacker to gain SYSTEM privileges.
  • CVE-2026-32225 is a security feature bypass vulnerability in Windows Shell. Successful exploitation of the vulnerability may allow an unauthenticated attacker to bypass a network security feature.
  • CVE-2026-32075 is an elevation-of-privilege vulnerability in the Windows UPnP Device Host. Successful exploitation of the vulnerability may allow an authenticated attacker to gain administrator privileges.

Microsoft Release Summary

This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Windows Boot Loader, Windows COM, Windows Recovery Environment Agent, Windows Management Services, Microsoft Office SharePoint, GitHub Copilot and Visual Studio Code, Microsoft Office Word, .NET Framework, Windows Virtualization-Based Security (VBS) Enclave, Applocker Filter Driver (applockerfltr.sys), Microsoft PowerShell, Microsoft Power Apps, Windows Remote Desktop, Windows Cryptographic Services, Windows Encrypting File System (EFS), Windows Server Update Service, Windows Local Security Authority Subsystem Service (LSASS), Windows Remote Desktop Licensing Service, Windows Sensor Data Service, Windows OLE, Windows Shell, Windows Push Notifications, Windows Ancillary Function Driver for WinSock, Windows Kernel Memory, .NET, Windows Boot Manager, Windows Client Side Caching driver (csc.sys), Windows Advanced Rasterization Platform, Microsoft Brokering File System, Windows RPC API, Windows Projected File System, Windows Hello, Windows Storage Spaces Controller, Windows TDI Translation Driver (tdx.sys), Microsoft Windows Search Component, Windows Installer, Windows User Interface Core, Windows Universal Plug and Play (UPnP) Device Host, Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys), Windows TCP/IP, Desktop Window Manager, Windows Cloud Files Mini Filter Driver, Windows LUAFV, Windows GDI, Windows SSDP Service, Windows Common Log File System Driver, Windows Active Directory, Windows File Explorer, Windows WalletService, Windows Remote Procedure Call, Function Discovery Service (fdwsd.dll), Windows Biometric Service, Windows Speech Brokered Api, Azure Logic Apps, Microsoft Windows, Windows Snipping Tool, Microsoft High Performance Compute Pack (HPC), Microsoft Office Excel, Microsoft Office, Windows Admin Center, Microsoft Office PowerPoint, .NET and Visual Studio, Universal Plug and Play (upnp.dll), Windows Redirected Drive Buffering, Windows Win32K – ICOMP, Windows USB Print Driver, Windows HTTP.sys, Windows Container Isolation FS Filter Driver, Windows Print Spooler Components, Microsoft Dynamics 365 (on-premises), Windows Win32K – GRFX, .NET, .NET Framework, Visual Studio, Microsoft Edge (Chromium-based), Node.js, Windows Secure Boot, and GitHub Repo: Git for Windows.

The next Patch Tuesday is scheduled for May 12, and we will provide details and patch analysis then. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patches’ webinar.

Qualys Monthly Webinar Series

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management, Detection & Response (VMDR), and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.

During the webcast, we will discuss this month’s high-impact vulnerabilities, including those highlighted in this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.

