InfoSecBulletin Cybersecurity for mankind
Microsoft’s April 2026 security update has fixed 167 flaws in its products. This update includes 2 serious zero-day threats and another flaw that needs urgent attention from organizations.
Zero-Day Under Active Exploitation
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
The main flaw this month is CVE-2026-32201, a flaw in Microsoft SharePoint Server that is being actively used for attacks.
This flaw is rated as Important. It lets attackers trick SharePoint users. This is a big risk for companies using SharePoint for documents and teamwork. Security teams should apply the fix right away, as it has already been used in attacks.
CVE-2026-33825 is a Microsoft Defender security issue that was shared with the public before this update. No one has used this problem yet, but since people can easily find information about it, the chance of someone misusing it soon is higher. This makes fixing it very important.
Of the 168 vulnerabilities patched this month, the distribution by attack type is as follows:’
| Impact | Count |
|---|---|
| Elevation of Privilege | 93 |
| Information Disclosure | 21 |
| Remote Code Execution | 20 |
| Security Feature Bypass | 13 |
| Denial of Service | 10 |
| Spoofing | 8 |
| Tampering | 2 |
| Defense in Depth | 1 |
| Total | 168 |
Critical RCE Vulnerabilities Patched
Among the eight Critical-rated flaws, seven are Remote Code Execution (RCE) vulnerabilities. This shows how serious this month’s updates are.
CVE-2026-33827: Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33826: Windows Active Directory Remote Code Execution Vulnerability
CVE-2026-33824: Windows Internet Key Exchange (IKE) Service Extensions RCE
CVE-2026-33115 & CVE-2026-33114: Microsoft Word Remote Code Execution (two separate flaws)
CVE-2026-32190 :Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32157: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-23666: .NET Framework Denial of Service Vulnerability (Critical-rated)
The Windows TCP/IP and Active Directory RCE issues are very concerning because attackers can use them over the network without needing anyone to do anything in some setups.
This month, there are updates for many Microsoft products and services. These include Windows Kernel (several EoP issues), Windows Print Spooler, Windows LSASS, Windows Hyper-V, Remote Desktop Licensing Service, Azure Monitor Agent, Azure Logic Apps, Microsoft SQL Server, SharePoint Server, PowerShell, GitHub Copilot, and Visual Studio Code.
The Windows UPnP Device Host got many EoP updates, showing stronger security for Windows networking systems.
Security and IT teams should take the following steps immediately:
To Prioritize CVE-2026-32201 (SharePoint) as an emergency patch given confirmed exploitation
To Address CVE-2026-33825 (Microsoft Defender) due to its public disclosure status
To Deploy all Critical-rated RCE patches, particularly for Windows TCP/IP, Active Directory, and Remote Desktop Client
To Review and patch .NET Framework and Office components to block local and document-based attack vectors
To Audit systems for WSUS and BitLocker bypass vulnerabilities (CVE-2026-32224, CVE-2026-27913), which could undermine update delivery and disk encryption integrity.
Security teams need to install all patches from April 2026 right away, especially for CVE-2026-32201.
