US Edition
Microsoft's Massive Patch Tuesday: It's Raining Bugs
The update also fixes two zero-days, including a SharePoint flaw exploited in attacks, and patches remote code execution bugs in Microsoft Office.
- On Tuesday, Microsoft released security updates for 167 flaws, including two zero-day vulnerabilities and 80 Edge and Chromium flaws fixed by Google, marking its second-largest monthly patch release ever.
- An actively exploited SharePoint spoofing vulnerability, CVE-2026-32201, allows unauthorized attackers to perform network spoofing by exploiting improper input validation in Microsoft SharePoint Server, enabling theft and modification of sensitive data.
- A second zero-day, Microsoft Defender elevation of privilege flaw CVE-2026-33825, matches exploit code called BlueHammer, attributed to a researcher calling themselves "Chaotic Eclipse" who published it on GitHub earlier this month.
- Action1 president Mike Walters warned the SharePoint flaw lets attackers "fake trust at scale" through phishing, while Zero Day Initiative expert Dustin Childs urged users to "test and deploy" the Defender fix quickly.
- Record-Breaking patch volume may stem from increased AI tool use in vulnerability discovery, according to Zero Day Initiative expert Childs; Adobe, Fortinet, SAP, and Google also issued security updates this month.
7 Articles
7 Articles
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution. Redmond warns th…
cybernoz.com
IT Security News - cybersecurity, infosecurity newsMicrosoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
Microsoft’s latest Patch Tuesday updates fix 165 vulnerabilities, including a SharePoint zero-day that has been exploited in the wild. The exploited SharePoint Server vulnerability is tracked as CVE-2026-32201 and it has been described as a spoofing issue. Microsoft assigned it an ‘important’ severity rating with a CVSS score of 6.5. “Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing ove…
Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a circumvention of security policy and a security problem not specified by the publisher. See online: https://www.cert.ssi.gouv.fr/avis/C...
Multiple vulnerabilities have been discovered in Microsoft products. They allow an attacker to cause a security problem not specified by the editor. See online: https://www.cert.ssi.gouv.fr/avis/C...
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
