Microsoft Fixes 167 Vulnerabilities in April 2026 Patch Tuesday Updates

Microsoft released its April 2026 Patch Tuesday updates, addressing a large set of security vulnerabilities across Windows systems. The updates include Windows 11 KB5083769 and KB5082052, along with Windows 10 KB5082200 (ESU), and fix a total of 167 vulnerabilities.

According to Bleeping Computer, this month’s rollout includes two zero-day vulnerabilities and eight classified as critical, making it one of the more important security updates in recent months.

The update does not include earlier fixes released for Mariner, Azure, or Bing, nor the 80 Chromium vulnerabilities patched separately by Google that also affect Edge.

Breakdown of Vulnerabilities

The April release covers a wide range of security issues across different categories. Elevation of privilege vulnerabilities account for the largest portion, followed by remote code execution and information disclosure flaws.

Remote code execution remains one of the most dangerous categories, with 20 such vulnerabilities fixed. Attackers can exploit these flaws to execute malicious code remotely, often without user interaction.

Critical vulnerabilities include seven remote code execution issues and one denial of service flaw, highlighting the severity of this release.

Actively Exploited and Public Zero-Days

Microsoft addressed two zero-day vulnerabilities in this update. One of them has already been exploited in real-world attacks.

CVE-2026-32201 affects Microsoft SharePoint Server and enables spoofing attacks. Threat actors can use it to access sensitive information or modify data, making it particularly dangerous for enterprise environments.

The second zero-day, CVE-2026-33825, impacts Microsoft Defender and allows elevation of privilege to the SYSTEM level. Microsoft fixed it in Defender Antimalware Platform version 4.18.26050.3011, which updates automatically through Windows Security.

Microsoft Office Security Risks

This Patch Tuesday also includes multiple remote code execution vulnerabilities affecting Microsoft Word and Excel. Attackers can exploit these flaws simply by opening malicious files or even through the preview pane.

These risks increase exposure for everyday users and organizations, especially those handling external documents. Immediate updates are strongly recommended to reduce the attack surface.

With 167 vulnerabilities fixed and active threats already observed, this release stands out as a critical security update. Systems that remain unpatched face increased risk, particularly in enterprise environments where attackers often target privilege escalation paths.

In addition to these fixes, Microsoft has also introduced improvements to Remote Desktop Protocol security, adding new protections against phishing attacks delivered via .rdp files.