Microsoft's April 2026 Patch Tuesday addresses a substantial number of security flaws, urging IT professionals and users to prioritize patching. This month's release includes fixes for 167 vulnerabilities, two of which are classified as zero-day exploits. ## Zero-Day Vulnerabilities in the Spotlight **Microsoft** defines a zero-day vulnerability as one that is either publicly disclosed or actively exploited without an official patch available. This month's Patch Tuesday addresses two such vulnerabilities: * **Microsoft SharePoint Server** Spoofing Vulnerability: This vulnerability is actively exploited in attacks. According to **Microsoft**, improper input validation allows an unauthorized attacker to perform spoofing over a network, potentially leading to the viewing of sensitive information and modification of disclosed data. * **Microsoft Defender** Elevation of Privilege Vulnerability: This flaw allows attackers to gain SYSTEM privileges. The vulnerability is addressed in the **Microsoft Defender** Antimalware Platform update version **4.18.26050.3011**, which should be automatically downloaded. Users can manually check for updates via **Windows Security** > **Virus & threat protection** > **Protection Updates**. **Zen Dodd** and Yuanpei XU (HUST) with Diffract are credited with discovering the **Microsoft Defender** flaw. ## Critical Remote Code Execution Flaws The Patch Tuesday release also addresses eight "Critical" vulnerabilities, with seven being remote code execution (RCE) flaws and one a denial-of-service (DoS) vulnerability. Notably, several RCE bugs in **Microsoft Office** (Word and Excel) are fixed, which can be exploited via the preview pane or by opening malicious documents. Users who frequently receive attachments should prioritize these updates. ## Key Vulnerability Highlights Here's a summary table of some of the vulnerabilities addressed in this month's Patch Tuesday: | Tag | CVE ID | CVE Title | Severity | | ----------------------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------------------- | ---------- | | .NET | CVE-2026-26171 | .NET Denial of Service Vulnerability | Important | | .NET | CVE-2026-32178 | .NET Spoofing Vulnerability | Important | | .NET and Visual Studio | CVE-2026-32203 | .NET and Visual Studio Denial of Service Vulnerability | Important | | .NET Framework | CVE-2026-23666 | .NET Framework Denial of Service Vulnerability | Critical | | .NET Framework | CVE-2026-32226 | .NET Framework Denial of Service Vulnerability | Important | | .NET, .NET Framework, Visual Studio | CVE-2026-33116 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important | | Applocker Filter Driver (applockerfltr.sys) | CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability | Important | | Azure Logic Apps | CVE-2026-32171 | Azure Logic Apps Elevation of Privilege Vulnerability | Important | | Azure Monitor Agent | CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important | | Azure Monitor Agent | CVE-2026-32168 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important | | Desktop Window Manager | CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Important | | Desktop Window Manager | CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Important | | Desktop Window Manager | CVE-2026-32152 | Desktop Window Manager Elevation of Privilege Vulnerability | Important | | Desktop Window Manager | CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Important | | Desktop Window Manager | CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Important | | Function Discovery Service (fdwsd.dll) | CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important | | Function Discovery Service (fdwsd.dll) | CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important | | Function Discovery Service (fdwsd.dll) | CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important | | Function Discovery Service (fdwsd.dll) | CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important | | GitHub Copilot and Visual Studio Code | CVE-2026-23653 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability | Important | | GitHub Repo: Git for Windows | CVE-2026-32631 | GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes | Important | | Input-Output Memory Management Unit (IOMMU) | CVE-2023-20585 | AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability | Important | | Microsoft Brokering File System | CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | | Microsoft Brokering File System | CVE-2026-32219 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | | Microsoft Brokering File System | CVE-2026-26181 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | | Microsoft Defender | CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Important | For a comprehensive list of all resolved vulnerabilities and affected systems, refer to **Microsoft's** official security update guide.