Microsoft Patch Tuesday: April 2026

On 14 April 2026, Microsoft released its April 2026 security update, addressing 165 newly disclosed vulnerabilities. Among these, �鶹�� has highlighted two vulnerabilities in this security bulletin.

Vulnerabilities

Vulnerability

CVSS

Description

Exploited?

CVE-2026-32201

6.5

Microsoft SharePoint Server Spoofing Vulnerability – Allows an unauthorized threat actor to perform spoofing over a network due to improper input validation. This vulnerability could allow a threat actor to view or modify sensitive information.

��?????? No details about the exploitation of this vulnerability have been disclosed.

Yes

CVE-2026-33824

9.8

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability – An unauthenticated threat actor can achieve remote code execution by sending specially crafted packets to a Windows machine with IKE version 2 enabled. This issue stems from a double-free vulnerability in the Windows IKE extension.

Recommendation

Upgrade to Latest Fixed Versions

�鶹�� strongly recommends that customers upgrade to the latest fixed versions.

Affected Product	Vulnerability	Update Article
Windows Server 2025	CVE-2026-33824
Windows Server 2022, 23H2 Edition	CVE-2026-33824
Windows Server 2022	CVE-2026-33824
Windows Server 2019	CVE-2026-33824
Windows Server 2016	CVE-2026-33824
Windows 11 version 26H1 for x64, and ARM64-based Systems	CVE-2026-33824
Windows 11 Version 25H2 for x64, and ARM64-based Systems	CVE-2026-33824
Windows 11 Version 24H2 for x64, and ARM64-based Systems	CVE-2026-33824
Windows 11 Version 23H2 for x64, and ARM64-based Systems	CVE-2026-33824
Windows 10 Version 22H2 for 32-bit, x64, and ARM64-based Systems	CVE-2026-33824
Windows 10 Version 21H2 for x64, and ARM64-based Systems	CVE-2026-33824
Windows 10 Version 1809 for 32-bit, and x64-based Systems	CVE-2026-33824
Windows 10 Version 1607 for 32-bit, and x64-based Systems	CVE-2026-33824
Microsoft SharePoint Server Subscription Edition	CVE-2026-32201
Microsoft SharePoint Server 2019	CVE-2026-32201
Microsoft SharePoint Enterprise Server 2016	CVE-2026-32201

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.

? 2026 �鶹��. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

�鶹��

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why �鶹��

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The �鶹�� State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The �鶹�� Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

CVE-2026-0300 �� Critical Buffer Overflow in PAN-OS User-ID Authentication Portal

Beyond the Bug: Why Cybersecurity Still Matters Even If AI Improves Secure Development

Microsoft Patch Tuesday: April 2026?

Company

Careers

Press