惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Exploit Database - CXSecurity.com
N
News and Events Feed by Topic
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
V
V2EX
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
小众软件
小众软件
A
Arctic Wolf
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
G
GRAHAM CLULEY
罗磊的独立博客
T
Tor Project blog
C
Cisco Blogs
美团技术团队
博客园 - Franky
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
Cyberwarzone
Cyberwarzone
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
有赞技术团队
有赞技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Latest
Security Latest
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
Spread Privacy
Spread Privacy
J
Java Code Geeks
C
CERT Recently Published Vulnerability Notes
大猫的无限游戏
大猫的无限游戏
S
Securelist
The Cloudflare Blog
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
阮一峰的网络日志
阮一峰的网络日志
雷峰网
雷峰网
Project Zero
Project Zero

Blog

CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike Why AI Projects Stall and How CIOs Can Respond | CrowdStrike CrowdStrike Leads 2026 Frost Radar for Cloud Runtime Security CrowdStrike Expands Identity Leadership with OpenID and IDPro CrowdStrike 2026 Report: China Fuels Attacks on Tech June 2026 Patch Tuesday: Updates and Analysis | CrowdStrike CrowdStrike and Zscaler Bring Continuous Identity Security to Zero Trust Access 3 Principles to Safely Scale Agentic AI | CrowdStrike ISO 42001:2023 and the New Reality of Cloud AI Data Risk How to Stop AI-Driven Data Loss | CrowdStrike CrowdStrike and NVIDIA Bring Enterprise-Grade Security to AI Factory CrowdStrike and NVIDIA Collaboration Scales AI-Native Agents Secure Shadow AI at the Control Plane with Falcon for IT CrowdStrike Named Leader in 2026 Gartner Magic Quadrant for Endpoint Protection Shadow AI: The Hidden Risk Expanding Across the Enterprise CrowdStrike Named a Leader in Identity Threat Detection and Response Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet Measuring AI-Enabled Success: 3 Trackable KPIs New Claude Integration Brings Audit Data to Falcon Platform How to Protect Identities and Sessions from Infostealers Now Live: CrowdStrike 2026 Financial Services Threat Landscape Report Falcon AIDR Detects Threats at Prompt Layer in Kubernetes AI Apps May 2026 Patch Tuesday: Updates and Analysis | CrowdStrike AI Threat Detection with Automated Leads | CrowdStrike CrowdStrike Named a Leader in Gartner Magic Quadrant for Cyberthreat Intelligence CrowdStrike Launches Falcon OverWatch for Defender CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns Tune In: The Future of AI-Powered Vulnerability Discovery Defending Against CORDIAL SPIDER and SNARKY SPIDER CrowdStrike Expands ChatGPT Enterprise Integration CrowdStrike Named a Leader in 2026 Frost & Sullivan Radar for CNAPP CrowdStrike Expands Real-Time CDR to Google Cloud CrowdStrike Falcon Cloud Security Delivers 264% ROI CrowdStrike Falcon Platform Achieves 441% ROI in Three Years CrowdStrike Introduces Shadow AI Visibility Service How Defenders Must Respond to Frontier AI | CrowdStrike Frontier AI for Defenders: CrowdStrike and OpenAI TAC How CrowdStrike Accelerates Exposure Evaluation Against Threats | Blog STARDUST CHOLLIMA Likely Compromises Axios npm Package Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse How Charlotte AI Agentworks Fuels Security's Agentic Ecosystem CrowdStrike Flex for Services Expands Access to Elite Security Expertise Falcon Data Security Secures Data Wherever It Lives and Moves CrowdStrike Advances CNAPP with Adversary-Informed Risk Prioritization CrowdStrike Services and Agentic MDR Put Agentic SOC in Reach
April 2026 Patch Tuesday: Updates and Analysis | CrowdStrike
2026-04-14 · via Blog

Microsoft has addressed 164 vulnerabilities in its April 2026 security update release, double the number of vulnerabilities in March 2026. These include one exploited zero-day vulnerability, one previously disclosed zero-day vulnerability, and eight Critical vulnerabilities.

This month's leading risk type by exploitation technique is elevation of privilege with 93 patches (57%). Remote code execution (RCE) and information disclosure followed with 20 patches each (12%).

Microsoft Windows received by far the most patches this month with 131 (80%), followed by Microsoft Office with 14, and Developer Tools with 8.

Exploited Zero-Day Vulnerability in Microsoft SharePoint Server

CVE-2026-32201 is an Important spoofing vulnerability affecting Microsoft SharePoint Server and has a CVSS score of 6.5. It has been exploited in the wild as a zero-day. This vulnerability allows unauthenticated remote attackers to perform spoofing by exploiting an improper input validation flaw (CWE-20) in Microsoft Office SharePoint. No user interaction is required and attack complexity is low.

An attacker that successfully exploits this vulnerability could view sensitive information and make changes to disclosed information, impacting both confidentiality and integrity of the affected system. Availability is not impacted. An official fix is available for customers to deploy.

Table 1. Exploited zero-day vulnerability in Microsoft SharePoint Server
SeverityCVSS ScoreCVEDescription
Important6.5CVE-2026-32201Microsoft SharePoint Server Spoofing Vulnerability

Disclosed Zero-Day Vulnerability in Microsoft Defender

CVE-2026-33825 is an Important elevation of privilege vulnerability affecting Microsoft Defender and has a CVSS score of 7.8. This vulnerability allows local attackers with low privileges to elevate their privileges by exploiting an insufficient granularity of access control flaw (CWE-1220) in Microsoft Defender. It requires no user interaction and has low attack complexity. An attacker that successfully exploits this vulnerability could gain SYSTEM privileges.

This vulnerability had been publicly disclosed prior to a patch being released, though there is no evidence of exploitation in the wild. Proof-of-concept exploit code exists, and Microsoft assesses exploitation as more likely. An official fix is available for customers to deploy, though for some systems this update will be installed automatically with no action required. It is presumed this is the CVE for the BlueHammer exploit released on April 2, 2026, though there is no official confirmation at the time this blog was written.

Table 2. Disclosed zero-day vulnerability in Microsoft Defender
SeverityCVSS ScoreCVEDescription
Important7.8CVE-2026-33825Microsoft Defender Elevation of Privilege Vulnerability

Critical Vulnerability in Windows TCP/IP

CVE-2026-33827 is a Critical remote code execution vulnerability affecting Windows TCP/IP and has a CVSS score of 8.1. This vulnerability allows unauthenticated remote attackers to execute arbitrary code by exploiting a race condition flaw (CWE-362) in the Windows TCP/IP stack. It requires no user interaction, though it carries high attack complexity.

An unauthenticated attacker could exploit this vulnerability by sending a specially crafted IPv6 packet to a Windows node where IPSec is enabled. Successful exploitation requires the attacker to win a race condition and take additional preparatory actions to configure the target environment prior to exploitation. An official fix is available for customers to deploy.

Table 3. Critical vulnerability in Windows TCP/IP
SeverityCVSS ScoreCVEDescription
Critical8.1CVE-2026-33827Windows TCP/IP Remote Code Execution Vulnerability

Critical Vulnerability in Windows Internet Key Exchange (IKE) Service Extensions

CVE-2026-33824 is a Critical remote code execution vulnerability affecting Windows Internet Key Exchange (IKE) Service Extensions and has a CVSS score of 9.8. It allows unauthenticated remote attackers to execute arbitrary code by exploiting a double free flaw (CWE-415) in the Windows IKE Extension. No user interaction is required and attack complexity is low.

An unauthenticated attacker could exploit this vulnerability by sending specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, which could enable remote code execution on the target system. An official fix is available for customers to deploy.

For customers who cannot immediately apply the update, Microsoft recommends blocking inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE, or restricting inbound traffic on those ports to known peer addresses only for systems that require IKE. Note that these mitigations reduce attack surface but do not replace applying the security update.

Table 4. Critical vulnerability in Windows Internet Key Exchange (IKE) Service Extensions
SeverityCVSS ScoreCVEDescription
Critical9.8CVE-2026-33824Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

Critical Vulnerability in Remote Desktop Client

CVE-2026-32157 is a Critical remote code execution vulnerability affecting Remote Desktop Client and has a CVSS score of 8.8. This vulnerability allows unauthenticated remote attackers to execute arbitrary code by exploiting a use-after-free flaw (CWE-416) in the Remote Desktop Client. It requires user interaction and has low attack complexity.

An attacker with control of a malicious Remote Desktop Server could exploit this vulnerability by enticing a victim to connect to the attacker-controlled server using a vulnerable Remote Desktop Client. Upon connection, the attacker could trigger remote code execution on the victim's machine. The attack targets the client side of the Remote Desktop connection, meaning the risk lies with users initiating connections to untrusted or compromised servers. An official fix is available for customers to deploy.

Table 5. Critical vulnerability in Remote Desktop Client
SeverityCVSS ScoreCVEDescription
Critical8.8CVE-2026-32157Remote Desktop Client Remote Code Execution Vulnerability

Critical Vulnerabilities in Microsoft Office and Microsoft Word

CVE-2026-32190, CVE-2026-33114, and CVE-2026-33115 are Critical remote code execution vulnerabilities affecting Microsoft Office and Microsoft Word, all with a CVSS score of 8.4. These vulnerabilities allow unauthenticated attackers to execute arbitrary code by exploiting a use-after-free flaw (CVE-2026-32190 and CVE-2026-33115) and an untrusted pointer dereference flaw (CVE-2026-33114) in Microsoft Office components. None of the three vulnerabilities requires user interaction, and all have low attack complexity. While no user interaction is required, an attacker would still need to cause a crafted file to be saved on a victim system.

The Preview Pane is an attack vector for all three vulnerabilities. As such, an attacker could create a specially crafted file that executes malicious code on the victim's machine simply through the preview pane, without requiring the victim to open the file. An official fix is available for customers to deploy.

Table 6. Critical vulnerabilities in Microsoft Office and Microsoft Word
SeverityCVSS ScoreCVEDescription
Critical8.4CVE-2026-32190Microsoft Office Remote Code Execution Vulnerability
Critical8.4CVE-2026-33114Microsoft Word Remote Code Execution Vulnerability
Critical8.4CVE-2026-33115Microsoft Word Remote Code Execution Vulnerability

Critical Vulnerability in Windows Active Directory

CVE-2026-33826 is a Critical remote code execution vulnerability affecting Windows Active Directory and has a CVSS score of 8.0. This vulnerability allows authenticated attackers to execute arbitrary code by exploiting an improper input validation flaw (CWE-20) in Windows Active Directory. It requires no user interaction and has low attack complexity.

An authenticated attacker could exploit this vulnerability by sending a specially crafted RPC call to an RPC host, potentially resulting in remote code execution on the server side with the same permissions as the RPC service. Successful exploitation requires the attacker to be within the same restricted Active Directory domain as the target system. An official fix is available for customers to deploy.

Table 7. Critical vulnerability in Windows Active Directory
SeverityCVSS ScoreCVEDescription
Critical8.0CVE-2026-33826Windows Active Directory Remote Code Execution Vulnerability

Critical Vulnerability in .NET Framework

CVE-2026-23666 is a Critical denial-of-service (DoS) vulnerability affecting the .NET Framework and has a CVSS score of 7.5. This vulnerability allows unauthenticated remote attackers to exploit an improper handling of exceptional conditions flaw (CWE-755) to cause a DoS condition on affected systems. It requires no user interaction and has low attack complexity. An official fix is available for customers to deploy.

Table 8. Critical vulnerability in Microsoft .NET Framework
SeverityCVSS ScoreCVEDescription
Critical7.5CVE-2026-23666.NET Framework Denial of Service Vulnerability

Patch Tuesday Dashboard in the Falcon Platform

For a visual overview of the systems impacted by this month’s vulnerabilities, you can use our Patch Tuesday dashboard. This can be found in the CrowdStrike Falcon® platform within the Exposure Management > Vulnerability Management > Dashboards page. The preset dashboards show the most recent three months of Patch Tuesday vulnerabilities.

Not All Relevant Vulnerabilities Have Patches: Consider Mitigation Strategies

As we have learned with other notable vulnerabilities, such as Log4j, not every highly exploitable vulnerability can be easily patched. As is the case for the ProxyNotShell vulnerabilities, it’s critically important to develop a response plan for how to defend your environments when no patching protocol exists. 

Regular review of your patching strategy should still be a part of your program, but you should also look more holistically at your organization's methods for cybersecurity and improve your overall security posture.

Learn More

The CrowdStrike Falcon platform regularly collects and analyzes trillions of endpoint events every day from millions of sensors deployed across 176 countries. Watch this demo to see the Falcon platform in action.

Learn more about how CrowdStrike Falcon® Exposure Management can help you quickly and easily discover and prioritize vulnerabilities and other types of exposures here.

About CVSS Scores

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard that CrowdStrike and many other cybersecurity organizations use to assess and communicate software vulnerabilities’ severity and characteristics. The CVSS Base Score ranges from 0.0 to 10.0, and the National Vulnerability Database (NVD) adds a severity rating for CVSS scores. Learn more about vulnerability scoring in this article

Additional Resources