{“lastseen”:”2026-04-14T22:05:51″,”description”:”April 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here’s a quick breakdown of what you need to know.\\n\\n## Microsoft Patch Tuesday for April 2026\\n\\nThis month’s release addresses **163** vulnerabilities, including **eight** critical and **154** important-severity**** vulnerabilities.\\n\\nIn this month’s updates, Microsoft has addressed **one **publicly disclosed zero-day vulnerability and **one** being exploited in the wild.\\n\\nMicrosoft addressed **80** vulnerabilities in Microsoft Edge (Chromium-based) that were patched earlier this month.\\n\\nMicrosoft Patch Tuesday, April edition, includes updates for vulnerabilities in Microsoft Graphics Component, Windows Kerberos, Windows Kernel, Windows Hyper-V, Microsoft Windows Speech, Remote Desktop Client, SQL Server, Azure Monitor Agent, Windows BitLocker, Microsoft Management Console, Windows IKE Extension, Microsoft Defender, Input-Output Memory Management Unit (IOMMU), and more.\\n\\nThis month’s release includes fixes for several high-severity issues that could potentially enable remote code execution, privilege escalation, or denial-of-service attacks. As always, timely patch deployment is crucial to reduce exposure and ensure systems remain resilient against exploitation attempts.\\n\\nThe April 2026 Microsoft vulnerabilities are classified as follows:\\n\\n**Vulnerability Category**| **Quantity**| **Severitie** s \\n—|—|— \\nSpoofing Vulnerability| 8| Important: 8 \\nDenial of Service Vulnerability| 9| Critical: 1 \\nImportant: 8 \\nElevation of Privilege Vulnerability| 93| Important: 93 \\nInformation Disclosure Vulnerability| 20| Important: 20 \\nRemote Code Execution Vulnerability| 20| Critical: 7 \\nImportant: 13 \\nSecurity Feature Bypass Vulnerability| 12| Important: 12 \\n \\n## Adobe Patches for April 2026\\n\\nAdobe has released 12 security advisories to address **56** vulnerabilities in Adobe Acrobat Reader, Adobe Illustrator, Adobe DNG SDK, Adobe Photoshop, Adobe Bridge, Adobe ColdFusion, Adobe Connect, Adobe FrameMaker, Adobe Experience Manager Screens, Adobe InCopy, Adobe InDesign, and Adobe Acrobat Reader. 38 of these vulnerabilities are rated critical. Successful exploitation of these vulnerabilities may lead to privilege escalation, Security feature bypass, arbitrary file system read, and arbitrary code execution.\\n\\n## Zero-day Vulnerabilities Patched in April Patch Tuesday Edition\\n\\n### CVE-2026-33825: Microsoft Defender Elevation of Privilege Vulnerability\\n\\nMicrosoft Defender is a comprehensive, AI-powered security suite that provides malware protection, phishing detection, and web protection for individuals and businesses.\\n\\nAn insufficient access-control granularity flaw in Windows Defender could allow an authenticated attacker to elevate local privileges. Insufficient Granularity of Access Control occurs when security policies are too broad, allowing authorized users to access data or perform actions beyond their intended permissions.\\n\\n### CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability\\n\\nAn improper input validation vulnerability in Microsoft Office SharePoint may allow an unauthenticated attacker to perform network spoofing.\\n\\nCISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 28, 2026.\\n\\n## Critical Severity Vulnerabilities Patched in April Patch Tuesday Edition\\n\\n### CVE-2026-32157: Remote Desktop Client Remote Code Execution Vulnerability\\n\\nA use-after-free flaw in the Remote Desktop Client may allow an unauthenticated attacker to execute code over the network. Successful exploitation of the vulnerability requires an authenticated user on the client to connect to a malicious server.\\n\\n### CVE-2026-33826: Windows Active Directory Remote Code Execution Vulnerability\\n\\nAn improper input validation flaw in Windows Active Directory could allow an authenticated attacker to execute code on an adjacent network. An attacker must send a specially crafted RPC call to an RPC host to exploit the vulnerability.\\n\\n### CVE-2026-23666: .NET Framework Denial of Service Vulnerability\\n\\nA race condition flaw in the .NET Framework could allow an unauthenticated attacker to deny service to network clients.\\n\\n### CVE-2026-32190: Microsoft Office Remote Code Execution Vulnerability\\n\\nA use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally.\\n\\n### CVE-2026-33114: Microsoft Word Remote Code Execution Vulnerability\\n\\nA pointer dereference vulnerability in Microsoft Word allows an unauthenticated attacker to execute code locally.\\n\\n### CVE-2026-33115: Microsoft Word Remote Code Execution Vulnerability\\n\\nA use-after-free vulnerability in Microsoft Office Word could allow an unauthenticated attacker to execute code locally.\\n\\n### CVE-2026-33827: Windows TCP\/IP Remote Code Execution Vulnerability\\n\\nA race condition flaw in Windows TCP\/IP may allow an unauthenticated attacker to execute code over a network. An attacker could send a specially crafted IPv6 packet to a Windows node with IPSec enabled, leading to remote code execution.\\n\\n### CVE-2026-33824: Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability\\n\\nWindows Internet Key Exchange is a foundational network security protocol used by Windows to set up secure, encrypted IPsec tunnels, primarily for VPN connections.\\n\\nAn unauthenticated attacker could send specially crafted packets to a Windows machine with Internet Key Exchange version 2 enabled, potentially leading to remote code execution.\\n\\n## Other Microsoft Vulnerability Highlights\\n\\n * **CVE-2026-26151** is a spoofing vulnerability in Remote Desktop. Successful exploitation of the vulnerability allows an unauthenticated attacker to perform network spoofing.\\n * **CVE-2026-27906** is a security feature bypass vulnerability in Windows Hello. Successful exploitation of the vulnerability may allow an authenticated attacker to bypass a local security feature.\\n * **CVE-2026-27908** is an elevation-of-privilege vulnerability in the Windows TDI Translation Driver (tdx.sys). A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-27921** is an elevation-of-privilege vulnerability in the Windows TDI Translation Driver (tdx.sys). An attacker may exploit the vulnerability to gain SYSTEM privileges.\\n * **CVE-2026-32093** is an elevation-of-privilege vulnerability in the Windows Function Discovery Service (fdwsd.dll). An authenticated attacker who successfully exploited this vulnerability could gain administrator privileges.\\n * **CVE-2026-32152** and** CVE-2026-32154 **are elevation-of-privilege vulnerabilities in the DesktopWindow Manager. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-0390** is a security feature bypass vulnerability in the Windows Boot Loader. Successful exploitation of the vulnerability may allow an authenticated attacker to bypass a local security feature.\\n * **CVE-2026-32202** is a spoofing vulnerability in the Windows Shell. An unauthenticated attacker may exploit the vulnerability to perform network spoofing.\\n * **CVE-2026-26169** is an information disclosure vulnerability in Windows Kernel Memory. An authenticated attacker may exploit the vulnerability to disclose information locally.\\n * **CVE-2026-26173** is an elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock. A race condition flaw may allow an authenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-27909** is an elevation-of-privilege vulnerability in the Windows Search Service. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-27913 **is a security feature bypass vulnerability in the Windows BitLocker. An improper input validation flaw may allow an unauthenticated attacker to bypass a local security feature.\\n * **CVE-2026-27914 **is an elevation-of-privilege vulnerability in the Microsoft Management Console. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-32070** is an elevation-of-privilege vulnerability in the Windows Common Log File System Driver. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-32162** is an elevation-of-privilege vulnerability in Windows COM. Successful exploitation of the vulnerability may allow an unauthenticated attacker to gain SYSTEM privileges.\\n * **CVE-2026-32225** is a security feature bypass vulnerability in Windows Shell. Successful exploitation of the vulnerability may allow an unauthenticated attacker to bypass a network security feature.\\n * **CVE-2026-32075** is an elevation-of-privilege vulnerability in the Windows UPnP Device Host. Successful exploitation of the vulnerability may allow an authenticated attacker to gain administrator privileges.\\n\\n\\n\\n## Microsoft Release Summary\\n\\nThis month’s release notes cover multiple Microsoft product families and products\/versions affected, including, but not limited to, Windows Boot Loader, Windows COM, Windows Recovery Environment Agent, Windows Management Services, Microsoft Office SharePoint, GitHub Copilot and Visual Studio Code, Microsoft Office Word, .NET Framework, Windows Virtualization-Based Security (VBS) Enclave, Applocker Filter Driver (applockerfltr.sys), Microsoft PowerShell, Microsoft Power Apps, Windows Remote Desktop, Windows Cryptographic Services, Windows Encrypting File System (EFS), Windows Server Update Service, Windows Local Security Authority Subsystem Service (LSASS), Windows Remote Desktop Licensing Service, Windows Sensor Data Service, Windows OLE, Windows Shell, Windows Push Notifications, Windows Ancillary Function Driver for WinSock, Windows Kernel Memory, .NET, Windows Boot Manager, Windows Client Side Caching driver (csc.sys), Windows Advanced Rasterization Platform, Microsoft Brokering File System, Windows RPC API, Windows Projected File System, Windows Hello, Windows Storage Spaces Controller, Windows TDI Translation Driver (tdx.sys), Microsoft Windows Search Component, Windows Installer, Windows User Interface Core, Windows Universal Plug and Play (UPnP) Device Host, Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys), Windows TCP\/IP, Desktop Window Manager, Windows Cloud Files Mini Filter Driver, Windows LUAFV, Windows GDI, Windows SSDP Service, Windows Common Log File System Driver, Windows Active Directory, Windows File Explorer, Windows WalletService, Windows Remote Procedure Call, Function Discovery Service (fdwsd.dll), Windows Biometric Service, Windows Speech Brokered Api, Azure Logic Apps, Microsoft Windows, Windows Snipping Tool, Microsoft High Performance Compute Pack (HPC), Microsoft Office Excel, Microsoft Office, Windows Admin Center, Microsoft Office PowerPoint, .NET and Visual Studio, Universal Plug and Play (upnp.dll), Windows Redirected Drive Buffering, Windows Win32K – ICOMP, Windows USB Print Driver, Windows HTTP.sys, Windows Container Isolation FS Filter Driver, Windows Print Spooler Components, Microsoft Dynamics 365 (on-premises), Windows Win32K – GRFX, .NET, .NET Framework, Visual Studio, Microsoft Edge (Chromium-based), Node.js, Windows Secure Boot, and GitHub Repo: Git for Windows.\\n\\nThe next Patch Tuesday is scheduled for May 12, and we will provide details and patch analysis then. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patches’ webinar.’\\n\\n## Qualys Monthly Webinar Series\\n\\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management, Detection \\u0026 Response (VMDR), and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.\\n\\nDuring the webcast, we will discuss this month’s high-impact vulnerabilities, including those highlighted in this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.\\n\\n* * *\\n\\n### Join the webinar\\n\\n### This Month in Vulnerabilities \\u0026 Patches\\n\\nRegister Now”,”published”:”2026-04-14T20:16:14″,”modified”:”2026-04-14T20:16:14″,”type”:”qualysblog”,”title”:”Microsoft\u00a0and Adobe\u00a0Patch Tuesday,\u00a0April\u00a02026 Security Update Review”,”source”:””,”references”:””,”id”:”QUALYSBLOG:BAE6775A74799F0D39E36FB9D026FA2B”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-0390″,”CVE-2026-23666″,”CVE-2026-26151″,”CVE-2026-26169″,”CVE-2026-26173″,”CVE-2026-27906″,”CVE-2026-27908″,”CVE-2026-27909″,”CVE-2026-27913″,”CVE-2026-27914″,”CVE-2026-27921″,”CVE-2026-32070″,”CVE-2026-32075″,”CVE-2026-32093″,”CVE-2026-32152″,”CVE-2026-32154″,”CVE-2026-32157″,”CVE-2026-32162″,”CVE-2026-32190″,”CVE-2026-32201″,”CVE-2026-32202″,”CVE-2026-32225″,”CVE-2026-33114″,”CVE-2026-33115″,”CVE-2026-33824″,”CVE-2026-33825″,”CVE-2026-33826″,”CVE-2026-33827″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.qualys.com\/category\/vulnerabilities-threat-research”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-14T22:05:51″,”description”:”April 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,120,7,11,5],"class_list":["post-47085","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n