Patch Tuesday Special: April 2026
April 14th, 2026
Overview:
Microsoft’s April 14, 2026 Patch Tuesday addressed ~167 vulnerabilities, including eight critical issues (7 related to RCE, and 1 DoS) and two zero-days; one actively exploited and one publicly disclosed.
Vulnerability Category Breakdown:
Elevation of Privilege (EoP): ~93 vulnerabilities (~56%)
Remote Code Execution (RCE): ~20 vulnerabilities (~12%)
Information Disclosure: ~21 vulnerabilities (~13%)
Security Feature Bypass: ~13 vulnerabilities (~8%)
Denial of Service (DoS): ~10 vulnerabilities (~6%)
Spoofing: ~9 vulnerabilities (~5%)
Top 5:
1) CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability (Exploited in the wild / zero-day)
Why it matters: This is the standout issue this month because Microsoft says it was exploited in attacks prior to patching. Microsoft describes it as an improper input validation flaw in SharePoint that could let an unauthorized attacker spoof over the network and impact confidentiality and integrity.
Affected systems: Microsoft SharePoint Server environments.
Pivotalogic Priority Rating: 💥SHUT IT DOWN - Patch ASAP, especially for internet-facing or business-critical SharePoint deployments.
2) CVE-2026-33825: Microsoft Defender Elevation of Privilege Vulnerability (Publicly disclosed / zero-day)
Why it matters: This flaw was publicly disclosed before a fix was available and can grant SYSTEM privileges, which makes it valuable for local privilege escalation and post-compromise abuse. Microsoft says the fix is delivered through the Microsoft Defender Antimalware Platform update version 4.18.26050.3011.
Affected systems: Systems using Microsoft Defender on Windows.
Pivotalogic Priority Rating: 💥SHUT IT DOWN - Patch ASAP, by confirming Defender platform updates are in place across the
3) CVE-2026-33115 & CVE-2026-33114: Microsoft Word Remote Code Execution Vulnerabilities (Critical)
Why it matters: These are critical Word RCEs, and same-day reporting notes that Microsoft also fixed Office RCE flaws that can be triggered through the Preview Pane or by opening malicious documents. That makes Office once again a likely initial-access path for phishing-driven attacks.
Affected systems: Microsoft Word / Microsoft Office installations on user endpoints, shared admin systems, and terminal servers where Office is installed.
Pivotalogic Priority Rating: 💥SHUT IT DOWN - Patch immediately, with priority on users who routinely receive external attachments.
4) CVE-2026-33826: Windows Active Directory Remote Code Execution Vulnerability (Critical)
Why it matters: A critical RCE tied to Active Directory stands out because AD is foundational infrastructure. Issues here can have outsized enterprise impact if exploited successfully, especially in domain-heavy environments.
Affected systems: Windows Active Directory environments.
Pivotalogic Priority Rating: 💥SHUT IT DOWN - Patch immediately, particularly on domain controllers and other identity-critical systems.
5) CVE-2026-32157: Remote Desktop Client Remote Code Execution Vulnerability (Critical)
Why it matters: A critical RCE in the Remote Desktop Client deserves fast attention because remote access tooling is a high-value target and is often present on admin workstations and jump hosts. Even without confirmed exploitation, this is the kind of flaw defenders usually move up the queue quickly.
Affected systems: Systems running the Remote Desktop Client.
Pivotalogic Priority Rating: 🚨Yikes! - Patch within 72 hours, and sooner on privileged admin workstations and shared support systems.
Pivotalogic Priority Rating Scale:
💥SHUT IT DOWN (not literally) = Critical
🚨Yikes! = High
⚠️Welp. = Medium
💡Eh = Low
Full Microsoft Release Notes HERE