Microsoft Patches 163 Vulnerabilities in April 2026 Windows Update

On April 14, 2026, Microsoft released its monthly security updates, addressing a total of 163 vulnerabilities across supported Windows versions. These updates are available through the Windows Update service and related catalog. In addition to Windows, Microsoft also targeted vulnerabilities in its other products, bringing the total addressed to 247.

Critical Vulnerabilities in April 2026 Update

Among the identified vulnerabilities, several have been actively exploited. Immediate action is required for two notable security issues:

  • CVE-2026-32201: A critical spoofing vulnerability in Microsoft SharePoint Server.
  • CVE-2026-5281: A high-severity use-after-free vulnerability in Chromium.

Additionally, several vulnerabilities have known attack techniques, raising the urgency for users to secure their systems.

High-Severity Issues Detected

The update also included eight vulnerabilities rated as Critical, affecting various Microsoft products, including .NET Framework and Office applications:

  • CVE-2026-23666: Denial of service vulnerability in .NET Framework.
  • CVE-2026-32190: Remote code execution vulnerability in Microsoft Office.
  • CVE-2026-33114: Remote code execution vulnerability in Microsoft Word.
  • CVE-2026-33115: A second remote code execution vulnerability in Microsoft Word.
  • CVE-2026-32157: Remote code execution vulnerability in the Remote Desktop client.
  • CVE-2026-33826: Remote execution vulnerability in Windows Active Directory.
  • CVE-2026-33824: Remote execution vulnerability in Windows Internet Key Exchange Protocol.
  • CVE-2026-33827: Remote code execution vulnerability in Windows TCP/IP.

Specific Updates for Windows Versions

The recent updates apply to Windows 10, Windows 11 (version 25H2), and Windows Server versions 2016, 2019, and 2022. Here are some highlights for Windows 11 (version 25H2):

  • Improvements in the service stack for better installation of Windows updates.
  • Enhanced reliability for SMB compression over QUIC, reducing timeout issues.
  • Stronger protections against phishing attacks using remote desktop files.

Users of Windows version 24H2 should consider transitioning to version 25H2, as support for 24H2 will end soon.

Microsoft Office and Other Products

Security updates were also issued for Microsoft Office. These updates fixed critical vulnerabilities that could potentially affect user data and applications.

Updates for Visual Studio and SQL Server

In addition to Windows and Office, Microsoft addressed:

  • Four vulnerabilities in Microsoft Visual Studio across various versions.
  • Three vulnerabilities related to Microsoft SQL Server.
  • Two vulnerabilities in Microsoft SharePoint.
  • Three vulnerabilities in .NET Framework 4.8 and additional vulnerabilities in .NET 10.0, 9.0, and 8.0.

Other Software Updates

Several other Microsoft products also received updates, including:

  • Windows App Client for Desktop: 1 urgent vulnerability.
  • Windows Admin Center: 1 important vulnerability.
  • Remote Desktop client: 1 urgent vulnerability.
  • PowerShell versions 7.5 and 7.4: 1 important vulnerability each.
  • Dynamics 365, Microsoft Defender, Azure Monitor, and others also received important updates.

It is crucial for users to promptly install these updates to safeguard against potential security threats. Regular checks for new patches can help maintain system integrity.
