























April 14, 2026
6 Min Read

Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.
Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second largest Patch Tuesday release, nearing the record set by the October 2025 Patch Tuesday release with 167 CVEs. Our counts omitted two non-Microsoft CVEs from this month's release.

This month’s update includes patches for:

Elevation of privilege (EoP) vulnerabilities accounted for 57.1% of the vulnerabilities patched this month, followed by information disclosure vulnerabilities and remote code execution (RCE) vulnerabilities at 12.3% each.
Important
CVE-2026-20945 and CVE-2026-32201 are spoofing vulnerabilities affecting Microsoft SharePoint. CVE-2026-20945 received a CVSSv3 score of 4.6, while CVE-2026-32201 received a score of 6.5. According to Microsoft, CVE-2026-32201 was exploited in the wild as a zero-day. Microsoft has released updates for SharePoint 2016, 2019 and SharePoint Server Subscription Edition to address these flaws.
Important
CVE-2026-33825 is an EoP vulnerability in Microsoft Defender. It received a CVSSv3 score of 7.8 and was rated important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available. While Microsoft’s advisory made no mention of public exploit code, the description appears to match a zero-day exploit, known as BlueHammer, with code posted to GitHub on April 3rd. A researcher using the alias "Chaotic Eclipse" released the exploit and expressed concern about Microsoft’s handling of the vulnerability disclosure process.
Critical
CVE-2026-33826 is a RCE vulnerability affecting Windows Active Directory. It received a CVSSv3 score of 8, was rated as critical and was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Successful exploitation requires an authenticated attacker to send a specially crafted RPC call to a vulnerable RPC host, resulting in code execution with the same permissions as the RPC host. Despite the exploitation assessment and severity, the Microsoft advisory does note that an attacker would need to be in the “same restricted Active Directory domain as the target system” in order to exploit this flaw.
Critical
CVE-2026-33824 is a RCE affecting Windows Internet Key Exchange (IKE) Service Extensions. It received a CVSSv3 score of 9.8 and was rated as critical. This vulnerability can be exploited by an unauthenticated attacker by sending crafted packets to a target with IKE version 2 enabled. Microsoft’s advisory includes some mitigations that can be applied in the event immediate patching cannot be performed. This includes firewall rules for UDP ports 500 and 4500.
Important
CVE-2026-27913 is a security feature bypass vulnerability affecting Windows BitLocker. It received a CVSSv3 score of 7.7 and was rated as important. Successful exploitation could allow an attacker to bypass Secure Boot, a UEFI firmware security feature used to allow only trusted and properly signed software runs during the startup process. While there’s no known exploitation of this vulnerability as of the time this blog was published, Microsoft assesses this vulnerability as “Exploitation More Likely.”
Important
CVE-2026-26151 is a spoofing vulnerability in Remote Desktop. It was assigned a CVSS v3 score of 7.1 and rated important. Microsoft assesses this vulnerability as more likely to be exploited. An attacker could exploit this vulnerability by convincing a target to open a crafted file. This vulnerability was credited to the United Kingdom's National Cyber Security Centre (NCSC).
Previously, users would not receive any warning when attempting to open a Remote Desktop Protocol (RDP) file. However, starting with the April 2026 Security Update, users will now receive more sufficient warning dialogues when interacting with potentially malicious RDP files. For more information, visit this link.
A list of all the plugins released for Microsoft’s April 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
5 FQDNs
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
Fill out the form below to continue with a Nessus Pro trial.
Adopt the gold standard in vulnerability assessment to find and fix security gaps across your IT environment.
1 year license
$4,790
*
Renew a license Find a reseller or distributor
With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.
Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.
Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.
All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.
P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational:
< 24 hr
Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Expand your vulnerability assessment with advanced functionality that includes web app scanning and external attack surface discovery scanning.
1 year license
$6,790
*
Renew a license Find a reseller or distributor
With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.
Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.
Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.
All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.
P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational:
< 24 hr
Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。