{“lastseen”:”2026-04-15T10:07:48″,”description”:”This month\u2019s patch Tuesday looks to remediate 167 security vulnerabilities including two zero-day vulnerabilities, one of which is known to be actively exploited in the wild.\\n\\nThis makes April one of those months where \u201cPatch Tuesday\u201d looks more like \u201cpatch the entire stack,\u201d from servers and endpoints to network gear, browsers, and mobile devices. But the alternative is leaving a long list of well\u2011documented doors open for attackers to walk through.\\n\\nMicrosoft defines a zero-day as \u201ca flaw in software for which no official patch or security update is available yet.\u201d In this case, one being actively exploited and the other is publicly disclosed, which makes both high priorities on your to-do list.\\n\\nSo, let\u2019s have a look at those two zero-days.\\n\\nThe vulnerability tracked as CVE-2026-32201 (CVSS score 6.5 out of 10) is an improper input validation issue in Microsoft Office SharePoint that allows an unauthorized attacker to perform spoofing over a network.\\n\\nAn attacker who successfully exploited this vulnerability could view some sensitive information, and make changes to disclosed information, but cannot limit access to the resource. In simple terms, it could be used to spread false information in a trusted SharePoint environment. This vulnerability is being exploited in the wild.\\n\\nThe second zero-day this month, tracked as CVE-2026-33825 with a CVSS score of 7.8 out of 10, is an elevation of privilege (EoP) vulnerability in Microsoft Defender\u2019s anti-malware platform. It allows a local attacker to escalate their privileges to SYSTEM, effectively giving them the keys to the kingdom on the affected system. Once at that level, an attacker can disable security tools, install persistent malware, harvest credentials, and move laterally to other systems in the same network. This vulnerability is publicly disclosed, which often lowers the barrier for cybercriminals to start exploiting it.\\n\\nIn addition, BleepingComputer warns:\\n\\n\\u003e \u201cMicrosoft has also fixed multiple remote code execution bugs in Microsoft Office (Word and Excel) that can be executed via the preview pane or by opening malicious documents. Therefore, users should prioritize updating Microsoft Office as soon as possible, especially if they commonly receive attachments.\u201d\\n\\n## How to apply fixes and check if you\u2019re protected\\n\\nThese updates fix security problems and keep your Windows PC protected. Here\u2019s how to make sure you\u2019re up to date:\\n\\n1\\\\. Open **Settings**\\n\\n * Click the **Start** button (the Windows logo at the bottom left of your screen).\\n * Click on **Settings** (it looks like a little gear).\\n\\n\\n\\n2\\\\. Go to **Windows Update**\\n\\n * In the Settings window, select **Windows Update** (usually at the bottom of the menu on the left).\\n\\n\\n\\n3. **Check for updates**\\n\\n * Click the button that says **Check for updates**.\\n * Windows will search for the latest Patch Tuesday updates.\\n * If you have selected to **get the latest updates as soon as they\u2019re available** , you may see this under **More options**.\\n * In which case you may see a **Restart required** message. Restart your system and the update will complete. \\n\\n * If not, continue with the steps below.\\n\\n\\n\\n4\\\\. **Download and Install** If updates are found, they\u2019ll start downloading automatically. Once complete, you\u2019ll see a button that says **Install** or **Restart now**.\\n\\n * Click **Install **if needed and follow any prompts. Your computer will usually need a restart to finish the update. If it does, click **Restart now**.\\n\\n\\n\\n**5\\\\. Double-check you\u2019re up to date**\\n\\n * After restarting, go back to **Windows Update** and check again. If it says **You\u2019re up to date** , you\u2019re all set!\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2026-04-15T09:57:15″,”modified”:”2026-04-15T09:57:15″,”type”:”malwarebytes”,”title”:”April Patch Tuesday fixes two zero-days, including one under active attack”,”source”:””,”references”:””,”id”:”MALWAREBYTES:E2519B8F147BAD2675D4F8045B9C5AAE”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-32201″,”CVE-2026-33825″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/04\/april-patch-tuesday-fixes-two-zero-days-including-one-under-active-attack”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-15T10:07:48″,”description”:”This month\u2019s patch Tuesday looks to remediate 167 security vulnerabilities including two zero-day vulnerabilities, one of which is known to be actively exploited in the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,28,12,15,115,13,7,11,5],"class_list":["post-47154","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n