CVE-2026-33825
Published 2026-04-14
CVE-2026-33825: Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Priority P188 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability, due 2026-05-06
Exploited in the wild
EPSS: 6.75% (93.2th percentile)
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | defender_antimalware_platform | < 4.18.26030.3011 | 4.18.26030.3011 |
| microsoft | microsoft_defender_antimalware_platform | >= 4.0.0.0 < 4.18.26030.3011 | 4.18.26030.3011 |
Detection & IOCs (extracted from sources)
- The BlueHammer (CVE-2026-33825) exploit was publicly released by researcher 'Chaotic Eclipse' (GitHub account 'MSNightmare'); monitor for PoC exploit execution targeting Microsoft Defender for local privilege escalation.
- Suspicious FortiGate SSL VPN access from a Russia-geolocated source IP was observed tied to environments where CVE-2026-33825 was exploited; correlate VPN anomalies with Defender LPE exploitation.
- The RedSun exploit (related Defender zero-day) abuses the Cloud Files API, uses an oplock to win a volume shadow copy race, and uses a directory junction/reparse point to overwrite C:\Windows\system32\TieringEngineService.exe; monitor for unexpected writes to that path and oplock/junction abuse.
- Check Point IPS signature available for the related Apache ActiveMQ flaw exploited in the same threat wave; ensure IPS coverage is current for the broader campaign context.
- FCEB agencies were ordered to patch CVE-2026-33825 by May 7 per CISA KEV directive; the two-week remediation window has operational implications for patch prioritization.
CVSS provenance
- nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vulncheck: 7.8 HIGH
- cisa: 7.8 HIGH
CISA
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
cisa·2026-04-22·CVSS 7.8
CVE-2026-33825 [HIGH] CWE-1220 Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Vulnerability: Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Affected: Microsoft Defender
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33825
Remediation Due Date: 2026-05-06
VulDB
Microsoft Defender Antimalware Platform prior 4.18.26030.3011 insufficient granularity of access control
vuldb·2026-04-14·CVSS 7.8
CVE-2026-33825 [HIGH] Microsoft Defender Antimalware Platform prior 4.18.26030.3011 insufficient granularity of access control
A vulnerability classified as critical has been found in Microsoft Defender Antimalware Platform. Affected by this issue is some unknown functionality. The manipulation leads to insufficient granularity of access control.
This vulnerability is referenced as CVE-2026-33825. The attack can only be performed from a local environment. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-8vp7-4rmv-4868: Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2026-04-14
CVE-2026-33825 [HIGH] CWE-1220 GHSA-8vp7-4rmv-4868: Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
VulnCheck
Microsoft microsoft_defender Insufficient Granularity of Access Control
vulncheck·2026·CVSS 7.8
CVE-2026-33825 [HIGH] Microsoft microsoft_defender Insufficient Granularity of Access Control
Microsoft microsoft_defender Insufficient Granularity of Access Control
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Affected: Microsoft microsoft_defender
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://x.com/HuntressLabs/status/2044882050314817880
No detection rules found.
No public exploits indexed.
Hackernews
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
blogs_hackernews·2026-06-17·CVSS 7.8
CVE-2026-50656 [HIGH] Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
## Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet.
The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.
"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as 'RoguePlanet,'" the company said. "We are working to provide a high-quality security update that addresses this vulnerability."
Hackernews
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
blogs_hackernews·2026-06-10
CVE-2026-33825 Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
## Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.
"The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account "MSNightmare" said. "I have managed to get a 100% success rate on some machines while it struggled to work on others."
Should the exploit succeed, the result is a shell with SYSTEM-level privileges, granting the attacker
Bleepingcomputer
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
blogs_bleepingcomputer·2026-06-10·CVSS 7.8
CVE-2026-45585 [HIGH] Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
## Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
## Sergiu Gatlan
The third zero-day patched yesterday is known as YellowKey (tracked as CVE-2026-45585) and acts as a backdoor in the Windows Recovery Environment (WinRE), which is used to repair boot-related issues in Windows.
Attackers with physical access to the targeted devices can use a YellowKey exploit to bypass BitLocker protection on unpatched Windows 11 and Windows Server 2022/2025 systems.
Microsoft shared mitigation measures for YellowKey to defend against potential attacks that exploit it in the wild, while also complaining that the proof-of-concept had "been made public violating coordinated vulnerability best practices."
On Tuesday, Microsoft fixed the GreenPlasma, MiniPlasma, and YellowKey security vuln
Tenable
Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
blogs_tenable·2026-06-09·CVSS 9.1
CVE-2026-49160 [CRITICAL] Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
## Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
32 Critical
166 Important
0 Moderate
0 Low
Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days.
Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs that were already addressed by Microsoft via servicing and do not require additional customer action to resolve as well as 2 CVEs that were disclosed by other CNAs (CVE-2025-10263 and CVE-2026-8863). This Patch Tuesday release is the largest release since the Patch Tuesday program began, smashing the previous record of 167 CVEs in the October 2025 Patch Tuesday release.
This month’s update includes patches for:
.NET
Rapid7
Patch Tuesday - June 2026
blogs_rapid7·2026-06-09·CVSS 7.8
CVE-2026-33825 [HIGH] Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update G
Bleepingcomputer
Critical Windows Netlogon RCE flaw now exploited in attacks
blogs_bleepingcomputer·2026-06-01·CVSS 7.8
CVE-2026-41089 [HIGH] Critical Windows Netlogon RCE flaw now exploited in attacks
## Critical Windows Netlogon RCE flaw now exploited in attacks
## Sergiu Gatlan
"An attacker could send a specially crafted network request to a Windows server that is acting as a domain controller," it said. "If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access."
CVE-2026-41089 impacts all currently supported Windows Server versions, including the latest release, Windows Server 2025.
According to a security advisory published by the company on May 12, the vulnerability was discovered by Windows Attack Research & Protection (WARP), an internal offensive cybersecurity and engineering research team at Microsoft.
On Friday, Belgium's natio
Hackernews
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
blogs_hackernews·2026-05-28·CVSS 7.8
CVE-2026-33825 [HIGH] Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
## Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed.
The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day vulnerabilities affecting multiple Windows components, including Defender and BitLocker, over the past month, citing a breakdown in Microsoft's handling of
Bleepingcomputer
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
blogs_bleepingcomputer·2026-05-17·CVSS 7.8
CVE-2026-33825 [HIGH] New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
## New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
## Lawrence Abrams
Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the flaw does not work in the latest Windows 11 Insider Preview Canary build.
The exploit appears to abuse how the Windows Cloud Filter driver handles registry key creation through an undocumented CfAbortHydration API. Forshaw's original report said that the flaw could allow arbitrary registry keys to be created in the .DEFAULT user hive without proper access checks, potentially enabling privilege escalation.
While Microsoft reports having fixed the bug as part of its December 2020 Microsoft Patch Tuesday, Chaotic Eclipse
Hackernews
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
blogs_hackernews·2026-05-14
CVE-2026-33825 Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
## Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON).
The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse and Nightmare-Eclipse.
The researcher described YellowKey as "one of the most insane discoveries I ever found," likening the BitLocker bypass to functioning
Bleepingcomputer
CISA orders feds to patch BlueHammer flaw exploited as zero-day
blogs_bleepingcomputer·2026-04-23·CVSS 7.8
CVE-2026-33825 [HIGH] CISA orders feds to patch BlueHammer flaw exploited as zero-day
## CISA orders feds to patch BlueHammer flaw exploited as zero-day
## Sergiu Gatlan
Chaotic Eclipse also disclosed a second Microsoft Defender privilege escalation flaw (dubbed RedSun) and a third flaw (known as UnDefend) that can be exploited as a standard user to block Defender definition updates.
At the time of the leak, all three vulnerabilities were considered zero-days by Microsoft's definition, since they had no official patches.
Additionally, as Huntress Labs security researchers revealed on April 16, attackers had also been exploiting these zero-days in attacks that showed evidence of "hands-on-keyboard threat actor activity."
"The activity also appeared to be part of a broader intrusion rather than isolated proof-of-concept (PoC) testing," the cybersecurity company said i
Checkpoint
20th April – Threat Intelligence Report
blogs_checkpoint·2026-04-20
CVE-2026-34197 20th April – Threat Intelligence Report
## 20th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data linked to some customers. Exposed information included names, email addresses, phone numbers, physical addresses, and booking details, creating phishing risk, while the company reset reservation PI
Huntress
Nightmare-Eclipse Tooling Seen in Real-World Intrusion
blogs_huntress·2026-04-20·CVSS 7.8
CVE-2026-33825 [HIGH] Nightmare-Eclipse Tooling Seen in Real-World Intrusion
Acknowledgments: Special thanks to Dani Lopez, Tanner Filip, Anton Ovrutsky, Lindsey O’Donnell-Welch, and John Hammond for their contributions to this investigation and write-up. This article was also written with AI assistance.
TL;DR: Huntress has observed the use of Nightmare-Eclipse tooling, including BlueHammer, RedSun, and UnDefend, during a real-world intrusion investigation. In the clearest case, the activity included suspicious binaries staged in user-writable directories, hands-on-keyboard reconnaissance, likely compromised FortiGate SSL VPN access, and follow-on tunneling behavior. Organizations should review VPN logs, investigate the artifacts and paths below, and treat any confirmed execution as high-priority incident activity.
## Background
To understand the activity Huntr
Bleepingcomputer
Recently leaked Windows zero-days now exploited in attacks
blogs_bleepingcomputer·2026-04-17·CVSS 7.8
CVE-2026-33825 [HIGH] Recently leaked Windows zero-days now exploited in attacks
## Recently leaked Windows zero-days now exploited in attacks
## Sergiu Gatlan
At the time of the leak, the security flaws these exploits targeted were considered zero-days by Microsoft's definition, since they had no official patches or updates to address them.
On Thursday, Huntress Labs security researchers reported seeing all three zero-day exploits deployed in the wild, with the BlueHammer vulnerability being exploited since April 10.
They also spotted UnDefend and RedSun exploits on a Windows device that was breached using a compromised SSLVPN user, in attacks showing evidence of "hands-on-keyboard threat actor activity."
"The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques," the researchers said.
## Two zero-da
Hackernews
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
blogs_hackernews·2026-04-17·CVSS 7.8
CVE-2026-33825 [HIGH] Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
## Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.
The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (aka Nightmare-Eclipse) in response to Microsoft's handling of the vulnerability disclosure process.
While both BlueHammer and RedSun are local privilege escalati
Bleepingcomputer
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
blogs_bleepingcomputer·2026-04-16·CVSS 7.8
[HIGH] New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
## New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
## Lawrence Abrams
"The PoC abuses this behaviour to overwrite system files and gain administrative privileges."
Will Dormann, principal vulnerability analyst at Tharros, has confirmed to BleepingComputer that the exploit for the new Microsoft Defender RedSun zero-day works and grants SYSTEM privileges on fully patched Windows 10, Windows 11, and Windows Server 2019 and later.
"This Exploit uses the 'Cloud Files API', writes EICAR to a file using it, uses an oplock to win a volume shadow copy race, and uses a directory junction/reparse point to redirect the file rewrite (with new contents) to C:\Windows\system32\TieringEngineService.exe," Dormann wrote in a thread on Mastodon.
"At this point, the Cloud Files Inf
Hackernews
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
blogs_hackernews·2026-04-16
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
## ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for.
Not all bad though. Some threat actors got exposed with receipts, a few platforms finally tightened things up, and there's research in here that's genuinely worth
Hackernews
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
blogs_hackernews·2026-04-15·CVSS 7.5
[HIGH] Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
## Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities.
Also inclu
Tenable
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
blogs_tenable·2026-04-14·CVSS 6.5
[MEDIUM] Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Bleepingcomputer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
blogs_bleepingcomputer·2026-04-14·CVSS 6.5
[MEDIUM] Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Lawrence Abrams
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.
The number of bugs in each vulnerability category is listed below:
93 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
20 Remote Code Execution Vulnerabilities
21 Information Disclosure Vulnerabilities
10 Denial of Service Vulnerabilities
9 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the
Talos
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
blogs_talos·2026-04-14·CVSS 7.5
CVE-2026-23666 [HIGH] Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
## Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
Microsoft has released its monthly security update for April 2026, which includes 165 vulnerabilities affecting a wide range of products, including eight Microsoft marked as “critical.”
CVE-2026-23666 is a critical Denial of Service (DoS) vulnerability that affects the .NET framework. Successful exploitation could allow the attacker to deny service over the network.
CVE-2026-32157 is a critical use after free vulnerability in the Remote Desktop Client that results in code execution. Attack requires an authorized user on the client to connect to a malicious server, which could result in code execution on the client.
CVE-2026-32190 is a critical use after free vulnerability in Microsoft Office that can
Krebs
Patch Tuesday, April 2026 Edition
blogs_krebs·2026-04-14·CVSS 6.5
CVE-2026-3220 [MEDIUM] Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.
Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.
Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information withi
Qualys
Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review
blogs_qualys·2026-04-14
Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for April 2026
Adobe Patches for April 2026
Zero-day Vulnerabilities Patched in April Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in April Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Qualys Monthly Webinar Series
April 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for April 2026
This month’s release addresses 163 vulnerabilities, including eight critical and 154 important-severity vulnerabilities.
In this month’s updates, Microsoft has addressed one
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Rapid7
Patch Tuesday - April 2026
blogs_rapid7·2026-04-14·CVSS 6.5
[MEDIUM] Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It mig
Crowdstrike
April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs
blogs_crowdstrike
April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs
April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs Apr 14, 2026
2026-04-14: Published
2026-04-22: Added to CISA KEV
Exploited in the wild