惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

I
InfoQ
Spread Privacy
Spread Privacy
GbyAI
GbyAI
F
Fortinet All Blogs
小众软件
小众软件
B
Blog RSS Feed
博客园_首页
量子位
Y
Y Combinator Blog
美团技术团队
H
Hackread – Cybersecurity News, Data Breaches, AI and More
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google DeepMind News
Google DeepMind News
大猫的无限游戏
大猫的无限游戏
Jina AI
Jina AI
T
The Blog of Author Tim Ferriss
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Vercel News
Vercel News
Last Week in AI
Last Week in AI
F
Full Disclosure
Stack Overflow Blog
Stack Overflow Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
宝玉的分享
宝玉的分享
Microsoft Azure Blog
Microsoft Azure Blog
有赞技术团队
有赞技术团队
A
About on SuperTechFans
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
The Cloudflare Blog
Hugging Face - Blog
Hugging Face - Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Tenable Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
Engineering at Meta
Engineering at Meta
博客园 - 叶小钗
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
博客园 - 司徒正美
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
V
V2EX
酷 壳 – CoolShell
酷 壳 – CoolShell
The GitHub Blog
The GitHub Blog
V
Vulnerabilities – Threatpost
S
Schneier on Security
Latest news
Latest news
I
Intezer
A
Arctic Wolf
T
Threatpost

Tenable Blog

SharePoint CVEs FAQ: CVE-2026-56164, CVE-2026-32201, CVE-2026-45659 | Tenable® Build agentic AI security at Tenable Swarm, Black Hat 2026 SonicWall CVE-2026-15409 and CVE-2026-15410 zero-day exploited | Tenable® Understanding Anthropic’s new AI agent Claude Tag’s access model in Slack 5 reasons to integrate AppSec data with your exposure management platform July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs FedRAMP High, IL5, and zero trust: How federal agencies can secure cloud environments OMB M-26-14: Why federal agencies must fix asset visibility first CISO’s guide to CISA BOD 26-04 and risk-based security metrics for vulnerability management How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it. The Developer Credential Economy: An inside look at the Miasma worm campaign Oracle Critical Security Patch Update June 2026 | Tenable® How Tenable helps federal agencies comply with CISA BOD 26-04 Get critical cyber risk context: Understanding control validation, CTEM & Tenable One CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense Tenable CTO Vlad Korsunsky Q&A: Countering AI threat multipliers with AI-powered exposure management | Tenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacks Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs Download pumping: New npm deception technique for supply chain attacks Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect EXPOSURE 2026 prepares cybersecurity professionals for the AI era Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004) Tenable One deepens third-party integrations with new Open Connector for unified risk visibility Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation Securing data centers in the agentic AI era Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Why the approaching flood of vulnerabilities changes everything — and what to do about it The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. Security for AI: A strategic framework for closing the AI exposure gap Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability Mastering agentic AI security through exposure management As the NVD scales back CVE enrichment, here’s what Tenable customers need to know Five steps to become Mythos ready Oracle April 2026 Critical Patch Update Addresses 241 CVEs Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching Unlocking foundational visibility for cyber-physical systems with OT vulnerability management Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild The developer credential economy: Why exposure data is the new front line in the supply chain war Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 Supply chain attack on Axios npm package: Scope, impact, and remediations What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection Security for AI: A guide to managing the risks of vibe coding and AI in software development Meet Tenable Hexa AI: Agentic AI for exposure management
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
2026-04-15 · via Tenable Blog

April 14, 2026

6 Min Read


Tenable Research Special Operations blog header for the April 2026 Microsoft Patch Tuesday release covering zero-day vulnerabilities. The image features the Tenable logo, a gold hexagonal bandage icon representing patching, and bold text reading "Microsoft Patch Tuesday Zero Day Vulnerabilities, April 2026" against a white background framed by colorful diagonal stripes.

  1. 8Critical
  2. 154Important
  3. 1Moderate
  4. 0Low

Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.

Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second largest Patch Tuesday release, nearing the record set by the October 2025 Patch Tuesday release with 167 CVEs. Our counts omitted two non-Microsoft CVEs from this month's release.

A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in April 2026.

This month’s update includes patches for:

  • .NET
  • .NET and Visual Studio
  • .NET Framework
  • .NET,.NET Framework, Visual Studio
  • Applocker Filter Driver (applockerfltr.sys)
  • Azure Logic Apps
  • Azure Monitor Agent
  • Desktop Window Manager
  • Function Discovery Service (fdwsd.dll)
  • GitHub Copilot and Visual Studio Code
  • Microsoft Brokering File System
  • Microsoft Defender
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft High Performance Compute Pack (HPC)
  • Microsoft Management Console
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office PowerPoint
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Power Apps
  • Microsoft PowerShell
  • Microsoft Windows
  • Microsoft Windows Search Component
  • Microsoft Windows Speech
  • Remote Desktop Client
  • Role: Windows Hyper-V
  • SQL Server
  • Universal Plug and Play (upnp.dll)
  • Windows Active Directory
  • Windows Admin Center
  • Windows Advanced Rasterization Platform
  • Windows Ancillary Function Driver for WinSock
  • Windows Biometric Service
  • Windows BitLocker
  • Windows Boot Loader
  • Windows Boot Manager
  • Windows Client Side Caching driver (csc.sys)
  • Windows Cloud Files Mini Filter Driver
  • Windows COM
  • Windows Common Log File System Driver
  • Windows Container Isolation FS Filter Driver
  • Windows Cryptographic Services
  • Windows Encrypting File System (EFS)
  • Windows File Explorer
  • Windows GDI
  • Windows Hello
  • Windows HTTP.sys
  • Windows IKE Extension
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel Memory
  • Windows Local Security Authority Subsystem Service (LSASS)
  • Windows LUAFV
  • Windows Management Services
  • Windows OLE
  • Windows Print Spooler Components
  • Windows Projected File System
  • Windows Push Notifications
  • Windows Recovery Environment Agent
  • Windows Redirected Drive Buffering
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Remote Procedure Call
  • Windows RPC API
  • Windows Sensor Data Service
  • Windows Server Update Service
  • Windows Shell
  • Windows Snipping Tool
  • Windows Speech Brokered Api
  • Windows SSDP Service
  • Windows Storage Spaces Controller
  • Windows TCP/IP
  • Windows TDI Translation Driver (tdx.sys)
  • Windows Universal Plug and Play (UPnP) Device Host
  • Windows USB Print Driver
  • Windows User Interface Core
  • Windows Virtualization-Based Security (VBS) Enclave
  • Windows WalletService
  • Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys)
  • Windows Win32K - GRFX
  • Windows Win32K - ICOMP

A bar chart showing the count by impact of CVEs patched in the April 2026 Patch Tuesday release.

Elevation of privilege (EoP) vulnerabilities accounted for 57.1% of the vulnerabilities patched this month, followed by information disclosure vulnerabilities and remote code execution (RCE) vulnerabilities at 12.3% each.

Important

CVE-2026-20945 and CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability

CVE-2026-20945 and CVE-2026-32201 are spoofing vulnerabilities affecting Microsoft SharePoint. CVE-2026-20945 received a CVSSv3 score of 4.6, while CVE-2026-32201 received a score of 6.5. According to Microsoft, CVE-2026-32201 was exploited in the wild as a zero-day. Microsoft has released updates for SharePoint 2016, 2019 and SharePoint Server Subscription Edition to address these flaws.

Important

CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-33825 is an EoP vulnerability in Microsoft Defender. It received a CVSSv3 score of 7.8 and was rated important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available. While Microsoft’s advisory made no mention of public exploit code, the description appears to match a zero-day exploit, known as BlueHammer, with code posted to GitHub on April 3rd. A researcher using the alias "Chaotic Eclipse" released the exploit and expressed concern about Microsoft’s handling of the vulnerability disclosure process.

Critical

CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability

CVE-2026-33826 is a RCE vulnerability affecting Windows Active Directory. It received a CVSSv3 score of 8, was rated as critical and was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Successful exploitation requires an authenticated attacker to send a specially crafted RPC call to a vulnerable RPC host, resulting in code execution with the same permissions as the RPC host. Despite the exploitation assessment and severity, the Microsoft advisory does note that an attacker would need to be in the “same restricted Active Directory domain as the target system” in order to exploit this flaw.

Critical

CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

CVE-2026-33824 is a RCE affecting Windows Internet Key Exchange (IKE) Service Extensions. It received a CVSSv3 score of 9.8 and was rated as critical. This vulnerability can be exploited by an unauthenticated attacker by sending crafted packets to a target with IKE version 2 enabled. Microsoft’s advisory includes some mitigations that can be applied in the event immediate patching cannot be performed. This includes firewall rules for UDP ports 500 and 4500.

Important

CVE-2026-27913 | Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-27913 is a security feature bypass vulnerability affecting Windows BitLocker. It received a CVSSv3 score of 7.7 and was rated as important. Successful exploitation could allow an attacker to bypass Secure Boot, a UEFI firmware security feature used to allow only trusted and properly signed software runs during the startup process. While there’s no known exploitation of this vulnerability as of the time this blog was published, Microsoft assesses this vulnerability as “Exploitation More Likely.”

Important

CVE-2026-26151 | Remote Desktop Spoofing Vulnerability

CVE-2026-26151 is a spoofing vulnerability in Remote Desktop. It was assigned a CVSS v3 score of 7.1 and rated important. Microsoft assesses this vulnerability as more likely to be exploited. An attacker could exploit this vulnerability by convincing a target to open a crafted file. This vulnerability was credited to the United Kingdom's National Cyber Security Centre (NCSC).

Previously, users would not receive any warning when attempting to open a Remote Desktop Protocol (RDP) file. However, starting with the April 2026 Security Update, users will now receive more sufficient warning dialogues when interacting with potentially malicious RDP files. For more information, visit this link.

Tenable Solutions

A list of all the plugins released for Microsoft’s April 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.


Research Special Operations

Research Special Operations

The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.

  • Exposure Management
  • Vulnerability Scanning

Cybersecurity news you can use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

Try Tenable Nessus Professional free

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

Fill out the form below to continue with a Nessus Pro trial.

Buy Nessus Pro

Adopt the gold standard in vulnerability assessment to find and fix security gaps across your IT environment.


1 year license

$4,790
*


Renew a license Find a reseller or distributor

  • Real-time vulnerability updates
  • Unlimited vulnerability scanning
  • Pre-built policies for configuration & compliance audits
  • Vulnerability scoring for prioritization
  • Configurable reports
  • Flexible deployment
Choose multi-year license and save

Save
with 2 years


$9,330.95*


Buy now

Save
with 3 years


$13,637.54*


Buy now

With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.

Advanced Support Plan Features

Phone Support

Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Chat Support

Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.

Tenable Community Support Portal

All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.

Initial Response Time

P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational: < 24 hr

Support Contacts

Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.

Try Tenable Nessus Expert free

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Expand your vulnerability assessment with advanced functionality that includes web app scanning and external attack surface discovery scanning.


1 year license

$6,790
*


Renew a license Find a reseller or distributor

  • Real-time vulnerability updates
  • Unlimited vulnerability scanning
  • Web app scanning (5 FQDNs)
  • External attack surface discovery scanning (5 domains)
  • Pre-built policies for configuration & compliance audits
  • Vulnerability scoring for prioritization
  • Configurable reports
  • Flexible deployment
Choose multi-year license and save

Save
with 2 years


$13,208.13*


Buy now

Save
with 3 years


$19,304.19*


Buy now

With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.

Advanced Support Plan Features

Phone Support

Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Chat Support

Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.

Tenable Community Support Portal

All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.

Initial Response Time

P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational: < 24 hr

Support Contacts

Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.