Microsoft Monthly Security Update (April 2026)

Last Update Date: 28 Apr 2026 Release Date: 15 Apr 2026 32687 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2026-04-17]

Updated Description.

Proof of Concept exploit code is publicly available for CVE-2026-33825. Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

 

[Updated on 2026-04-23]

Updated Description, Source and Related Link.

CVE-2026-33825 is being exploited in the wild, and Proof of Concept exploit code has been publicly released. Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

 

[Updated on 2026-04-28]

Updated Description.

CVE-2026-32202 is being exploited in the wild. Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
WindowsMedium Risk Medium RiskElevation of Privilege
Security Restriction Bypass
Spoofing
Data Manipulation
Information Disclosure
Denial of Service
Remote Code Execution		CVE-2026-32202 is being exploited in the wild. Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Security Restriction Bypass
Spoofing
Data Manipulation
Information Disclosure
Denial of Service
Remote Code Execution		 
Developer ToolsMedium Risk Medium RiskInformation Disclosure
Spoofing
Denial of Service
Security Restriction Bypass		 
Microsoft OfficeHigh Risk High RiskSpoofing
Information Disclosure
Remote Code Execution		CVE-2026-32201 is being exploited in the wild. Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Microsoft DynamicsMedium Risk Medium RiskSecurity Restriction Bypass
Information Disclosure		 
SQL ServerMedium Risk Medium RiskElevation of Privilege
Remote Code Execution		 
AzureMedium Risk Medium RiskElevation of Privilege 
BrowserLow Risk Low RiskSpoofing 
System CenterHigh Risk High RiskElevation of PrivilegeCVE-2026-33825 is being exploited in the wild, and Proof of Concept exploit code has been publicly released. Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 2

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': High Risk

Impact

  • Remote Code Execution
  • Denial of Service
  • Data Manipulation
  • Information Disclosure
  • Security Restriction Bypass
  • Elevation of Privilege
  • Spoofing

System / Technologies affected

  • Windows
  • Extended Security Updates (ESU)
  • Developer Tools
  • Microsoft Office
  • Microsoft Dynamics
  • SQL Server
  • Azure
  • Browser
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftRemote Code ExecutionDenial of ServiceData ManipulationInformation DisclosureSecurity Restriction BypassElevation of PrivilegeSpoofingProof of ConceptExploit In The Wild

Share with

Previous

Microsoft ASP.NET Core Elevation of Privilege Vulnerability

24 Apr 2026 20305 Views

Next

Microsoft Edge Security Restriction Bypass Vulnerabilities

28 Apr 2026 18934 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY