{"id":603,"date":"2026-04-15T09:44:15","date_gmt":"2026-04-15T09:44:15","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=603"},"modified":"2026-04-15T09:44:15","modified_gmt":"2026-04-15T09:44:15","slug":"microsoft-issues-patches-for-sharepoint-zero-day-and-168-other-new-vulnerabilities","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=603","title":{"rendered":"Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities"},"content":{"rendered":"
\n
<\/a><\/div>\n

Microsoft on Tuesday released updates to address a\u00a0record 169 security\u00a0flaws<\/a> across its product portfolio, including one vulnerability that\u00a0has been actively\u00a0exploited in the\u00a0wild.<\/p>\n

Of these 169 vulnerabilities, 157 are rated Important, eight are rated\u00a0Critical, three are rated Moderate,\u00a0and one is rated Low in\u00a0severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities.<\/p>\n

Also included among the 169 flaws are\u00a0four non-Microsoft\u00a0issued\u00a0CVEs impacting AMD (CVE-2023-20585), Node.js\u00a0(CVE-2026-21637), Windows Secure Boot (CVE-2026-25250), and Git for Windows (CVE-2026-32631). The updates are in addition\u00a0to 78 vulnerabilities<\/a> that\u00a0have been\u00a0addressed\u00a0in its Chromium-based Edge browser since\u00a0the update that\u00a0was released last\u00a0month.<\/p>\n

The release makes it\u00a0the second\u00a0biggest Patch Tuesday\u00a0ever, a\u00a0little below the record set in October 2025, when Microsoft addressed\u00a0a massive 183 security\u00a0flaws.\u00a0\u00abAt this pace, 2026 is on track to affirm that 1,000+ Patch Tuesday CVEs annually is the\u00a0norm,\u00bb Satnam Narang, senior staff research engineer at Tenable,\u00a0said.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

\u00abNot only that, but elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April, while remote code execution (RCE) vulnerabilities have dropped to just 12%, tied with information disclosure vulnerabilities this\u00a0month.\u00bb<\/p>\n

The vulnerability that has come under active exploitation\u00a0is CVE-2026-32201<\/a> (CVSS score: 6.5), a spoofing vulnerability impacting Microsoft SharePoint\u00a0Server.<\/p>\n

<\/p>\n

\u00abImproper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a\u00a0network,\u00bb Microsoft said in an\u00a0advisory.\u00a0\u00abAn attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).\u00bb<\/p>\n

Although the vulnerability\u00a0was internally discovered, it’s currently not known\u00a0how it’sbeing\u00a0exploited, and who may be behind the\u00a0activity, and the scale of such\u00a0efforts.<\/p>\n

\u00abThis zero-day vulnerability in Microsoft SharePoint Server is caused by improper input validation, allowing attackers to spoof trusted content or interfaces over a\u00a0network,\u00bb Mike Walters, president and co-founder of Action1,\u00a0said.\u00a0<\/p>\n

\u00abBy exploiting this flaw, an attacker can manipulate how information is presented to users, potentially tricking them into trusting malicious content. While\u00a0the direct impact on data is limited, the ability to deceive users makes this a powerful tool for broader\u00a0attacks.\u00bb<\/p>\n

The active exploitation of CVE-2026-32201 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0to add<\/a> it to the Known Exploited Vulnerabilities\u00a0(KEV<\/a>) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the shortcoming by April 28,\u00a02026.<\/p>\n

Another vulnerability of note is a privilege escalation flaw in Microsoft Defender\u00a0(CVE-2026-33825<\/a>, CVSS score: 7.8), which\u00a0has been\u00a0flagged as publicly known at the time of\u00a0release. According to Redmond, the vulnerability could allow an authorized attacker to elevate privileges locally\u00a0by taking advantage\u00a0ofDefender’slack of\u00a0adequate granular access\u00a0controls.<\/p>\n

Microsoft noted that no user action is required to install the update for CVE-2026-33825, as the platform updates itself frequently by default. Systems that have disabled Microsoft Defender are not in an exploitable\u00a0state.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

One of the most severe vulnerabilities is\u00a0a case\u00a0of remote code\u00a0execution impacting the Windows Internet Key Exchange (IKE) Service Extensions.Tracked\u00a0as CVE-2026-33824<\/a>, the security defect has a CVSS score of\u00a09.8\u00a0out of\u00a010.0.<\/p>\n

\u00abExploitation requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, which could enable remote code execution,\u00bb Adam Barnett, lead software engineer at Rapid7, said in a statement.<\/p>\n

\u00abVulnerabilities leading to unauthenticated RCE against modern Windows assets are relatively rare, or we\u2019d see more wormable vulnerabilities self-propagating across the internet. However, since IKE provides secure tunnel negotiation services, for instance, for VPNs, it is necessarily exposed to untrusted networks and reachable in a pre-authorization\u00a0context.\u00bb<\/p>\n

Walters noted that the security flaw poses a serious threat to enterprise environments, particularly those relying on VPN or IPsec for secure communications. Successful exploitation of the vulnerability could result in complete system compromise, allowing bad actors to steal sensitive data, disrupt operations, or move laterally across the\u00a0network.<\/p>\n

\u00abThe lack of required user interaction makes this especially dangerous for internet-facing systems. Its\u00a0low attack complexity and full system impact make it a prime candidate for rapid weaponization,\u00bb Walters added. \u00abInternet-facing systems running IKEv2 services are particularly at risk, and delaying patch deployment increases exposure to potential widespread\u00a0attacks.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Microsoft on Tuesday released updates to address a\u00a0record 169 security\u00a0flaws across its product portfolio, including one vulnerability that\u00a0has been actively\u00a0exploited in the\u00a0wild. Of these 169 vulnerabilities, 157 are rated Important,…<\/p>\n","protected":false},"author":1,"featured_media":604,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[517,147,57,751,474,126],"class_list":["post-603","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-issues","tag-microsoft","tag-patches","tag-sharepoint","tag-vulnerabilities","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=603"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/603\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/604"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}