Blog

Microsoft Patch Tuesday – April 2026

10 min. read
14/04/2026
By Esben Dochy
Patch Tuesday

Contents

Microsoft Patch Tuesday

⚡ TL;DR | Go Straight to the April 202Patch Tuesday Audit Report

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The April 2026 edition of Patch Tuesday brings us 171 fixes, with 8 rated as critical. We’ve listed the most important changes below.

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2026-32201 is the only actively exploited vulnerability in this month’s release. The flaw stems from improper input validation in Microsoft Office SharePoint, allowing an unauthenticated attacker to perform spoofing over a network with no user interaction required. Microsoft has confirmed exploitation in the wild, so despite the moderate CVSS score of 6.5, this one should be at the top of every SharePoint admin’s patching queue.

Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-33825 is the sole publicly disclosed vulnerability this month and is also rated as “Exploitation More Likely.” The issue lies in insufficient access control granularity within Microsoft Defender, allowing an authenticated attacker with low-level privileges to elevate locally. With a CVSS score of 7.8 and public disclosure putting this squarely on the radar of threat actors, patching is urgent. It is somewhat ironic that an endpoint security product is itself the weak link this time around.

Windows Active Directory Remote Code Execution Vulnerability

CVE-2026-33826 is a critical remote code execution flaw in Windows Active Directory caused by improper input validation. An authenticated attacker with low privileges can execute arbitrary code over an adjacent network without any user interaction. At a CVSS score of 8.0 and rated “Exploitation More Likely,” this vulnerability poses serious risk to enterprise environments where Active Directory is the backbone of identity and access management. The adjacent-network requirement limits mass exploitation over the internet, but internal network compromise scenarios, such as a lateral move after initial access, make this a high-priority fix.

Run the Patch Tuesday April 2026 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Run the April Patch Tuesday Audit

Patch Tuesday April 2026 CVE Codes & Titles

CVETitle
CVE-2023-20585AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability
CVE-2025-6965Integer Truncation on SQLite
CVE-2026-0390UEFI Secure Boot Security Feature Bypass Vulnerability
CVE-2026-20806Windows COM Server Information Disclosure Vulnerability
CVE-2026-20928Windows Recovery Environment Security Feature Bypass Vulnerability
CVE-2026-20930Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20945Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-21637HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers
CVE-2026-23653GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVE-2026-23657Microsoft Word Remote Code Execution Vulnerability
CVE-2026-23666.NET Framework Denial of Service Vulnerability
CVE-2026-23670Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2026-25184Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
CVE-2026-25250MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
CVE-2026-26143Microsoft PowerShell Remote Code Execution Vulnerability
CVE-2026-26149Microsoft Power Apps Remote Code Execution Vulnerability
CVE-2026-26151Remote Desktop Spoofing Vulnerability
CVE-2026-26152Windows Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-26153Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
CVE-2026-26154Windows Server Update Service Denial of Service Vulnerability
CVE-2026-26155Windows Local Security Authority Subsystem Service (LSASS) Information Disclosure Vulnerability
CVE-2026-26156Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-26159Windows Remote Desktop Licensing Service Elevation of Privilege Vulnerability
CVE-2026-26160Windows Remote Desktop Licensing Service Elevation of Privilege Vulnerability
CVE-2026-26161Windows Sensor Data Service Elevation of Privilege Vulnerability
CVE-2026-26162Windows OLE Elevation of Privilege Vulnerability
CVE-2026-26163Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26165Windows Shell Elevation of Privilege Vulnerability
CVE-2026-26166Windows Shell Elevation of Privilege Vulnerability
CVE-2026-26167Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26168Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26169Windows Kernel Memory Information Disclosure Vulnerability
CVE-2026-26170Microsoft PowerShell Elevation of Privilege Vulnerability
CVE-2026-26171.NET Denial of Service Vulnerability
CVE-2026-26172Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26173Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26174Windows Server Update Service Elevation of Privilege Vulnerability
CVE-2026-26175Windows Boot Manager Information Disclosure Vulnerability
CVE-2026-26176Windows Client Side Caching Driver (csc.sys) Elevation of Privilege Vulnerability
CVE-2026-26177Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26178Windows Advanced Rasterization Platform Remote Code Execution Vulnerability
CVE-2026-26179Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26180Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26181Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-26182Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26183Windows RPC API Elevation of Privilege Vulnerability
CVE-2026-26184Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-27906Windows Hello Security Feature Bypass Vulnerability
CVE-2026-27907Windows Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2026-27908Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27909Windows Search Service Elevation of Privilege Vulnerability
CVE-2026-27910Windows Installer Elevation of Privilege Vulnerability
CVE-2026-27911Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-27912Windows Kerberos Elevation of Privilege Vulnerability
CVE-2026-27913Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-27914Microsoft Management Console Elevation of Privilege Vulnerability
CVE-2026-27915Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27916Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27917Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
CVE-2026-27918Windows Shell Elevation of Privilege Vulnerability
CVE-2026-27919Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27920Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27921Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27922Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-27923Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27924Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27925Windows UPnP Device Host Information Disclosure Vulnerability
CVE-2026-27926Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27927Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-27928Windows Hello Spoofing Vulnerability
CVE-2026-27929Windows LUAFV Elevation of Privilege Vulnerability
CVE-2026-27930Windows GDI Information Disclosure Vulnerability
CVE-2026-27931Windows GDI Information Disclosure Vulnerability
CVE-2026-32068Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32069Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32070Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-32071Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2026-32072Active Directory Spoofing Vulnerability
CVE-2026-32073Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-32074Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32075Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-32076Windows Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2026-32077Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-32078Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32079Web Account Manager Information Disclosure Vulnerability
CVE-2026-32080Windows WalletService Elevation of Privilege Vulnerability
CVE-2026-32081Package Catalog Information Disclosure Vulnerability
CVE-2026-32082Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32083Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32084Windows File Explorer Information Disclosure Vulnerability
CVE-2026-32085Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-32086Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32087Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32088Windows Biometric Service Elevation of Privilege Vulnerability
CVE-2026-32089Windows Speech Brokered Api Elevation of Privilege Vulnerability
CVE-2026-32090Windows Speech Brokered Api Elevation of Privilege Vulnerability
CVE-2026-32091Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-32093Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32149Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2026-32150Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32151Windows Shell Information Disclosure Vulnerability
CVE-2026-32152Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-32153Windows Speech Elevation of Privilege Vulnerability
CVE-2026-32154Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-32155Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-32156Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-32157Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-32158Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-32159Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-32160Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-32162Windows COM Elevation of Privilege Vulnerability
CVE-2026-32163Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32164Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32165Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32167SQL Server Elevation of Privilege Vulnerability
CVE-2026-32168Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-32171Azure Logic Apps Remote Code Execution Vulnerability
CVE-2026-32176SQL Server Elevation of Privilege Vulnerability
CVE-2026-32178.NET Spoofing Vulnerability
CVE-2026-32181Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2026-32183Windows Snipping Tool Remote Code Execution Vulnerability
CVE-2026-32184Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
CVE-2026-32188Microsoft Excel Information Disclosure Vulnerability
CVE-2026-32189Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32190Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32192Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-32195Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-32196Windows Admin Center Spoofing Vulnerability
CVE-2026-32197Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32198Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32199Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32200Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2026-32201Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-32202Windows Shell Spoofing Vulnerability
CVE-2026-32203.NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32212Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32214Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32215Windows Kernel Information Disclosure Vulnerability
CVE-2026-32216Windows Redirected Drive Buffering System Denial of Service Vulnerability
CVE-2026-32217Windows Kernel Information Disclosure Vulnerability
CVE-2026-32218Windows Kernel Information Disclosure Vulnerability
CVE-2026-32219Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-32220UEFI Secure Boot Security Feature Bypass Vulnerability
CVE-2026-32221Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-32222Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-32223Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
CVE-2026-32224Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2026-32225Windows Shell Security Feature Bypass Vulnerability
CVE-2026-32226.NET Framework Denial of Service Vulnerability
CVE-2026-32631GitHub: CVE-2026-32631 Git for Windows credential helper URI mishandling
CVE-2026-33095Microsoft Word Remote Code Execution Vulnerability
CVE-2026-33096Windows HTTP.sys Denial of Service Vulnerability
CVE-2026-33098Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2026-33099Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-33100Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-33101Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2026-33103Microsoft Dynamics 365 (on-premises) Information Disclosure Vulnerability
CVE-2026-33104Win32k Elevation of Privilege Vulnerability
CVE-2026-33114Microsoft Word Remote Code Execution Vulnerability
CVE-2026-33115Microsoft Word Remote Code Execution Vulnerability
CVE-2026-33116.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33120Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2026-33822Microsoft Word Information Disclosure Vulnerability
CVE-2026-33824Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
CVE-2026-33825Microsoft Defender Elevation of Privilege Vulnerability
CVE-2026-33826Windows Active Directory Remote Code Execution Vulnerability
CVE-2026-33827Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33829Windows Snipping Tool Spoofing Vulnerability

Blog

Other articles in this category
All the articles

Ready to get started?

Explore the full platform, free for 14 days.
No credit card required.

Start free Book a demo
Need help evaluating?
Get guidance on pricing at scale and enterprise requirements.
Talk to sales
Clear pricing as you grow
Transparent plans that scale with your environment.
View plans & pricing