Microsoft has released patches for 167 security vulnerabilities in its Windows operating systems and related software, including a zero-day flaw in SharePoint Server and a publicly disclosed weakness in Windows Defender known as "BlueHammer." A notable vulnerability, CVE-2026-32201, is being actively targeted by attackers, allowing them to exploit Microsoft SharePoint Server. Google Chrome has also fixed its fourth zero-day vulnerability of 2026, while an emergency update for Adobe Reader addresses a flaw that can lead to remote code execution. The exploitation status of CVE-2026-32201 is currently being discussed by Microsoft, determining whether this is a patch-now or monitor situation1. This matters to security practitioners because the active exploitation of CVE-2026-32201 necessitates prompt attention to prevent potential attacks, making it crucial to prioritize patching or monitoring to mitigate the risk.
Patch Tuesday, April 2026 Edition
⚠️ Critical Alert
Why This Matters
CVE-2026-32201 is in active discussion involving Microsoft — exploitation status determines whether this is patch-now or monitor.
References
- Krebs. (2026, April 14). Patch Tuesday, April 2026 Edition. *Krebs on Security*. https://krebsonsecurity.com/2026/04/patch-tuesday-april-2026-edition/
Original Source
Krebs on Security
Read original →