Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
April Patch Tuesday: Microsoft fixes 169 CVEs including an actively exploited SharePoint zero-day and a 9.8-rated Windows IKE RCE flaw.
What’s new: Microsoft has released patches for 169 security vulnerabilities, including a zero-day vulnerability (CVE-2026-32201) in SharePoint Server that is actively exploited. The vulnerabilities include 157 rated Important, eight Critical, three Moderate, and one Low. Notably, CVE-2026-33824, a remote code execution flaw in the Windows IKE Service Extensions, has a CVSS score of 9.8, posing a significant risk to enterprise environments.
Who’s affected
Organizations using Microsoft SharePoint Server, Microsoft Defender, and systems with IKE v2 enabled are at risk. The vulnerabilities impact various Microsoft products and include non-Microsoft CVEs affecting AMD, Node.js, Windows Secure Boot, and Git for Windows.
What to do
- Immediately apply the latest Microsoft patches to mitigate the vulnerabilities, especially CVE-2026-32201 and CVE-2026-33824.
- Ensure that systems with IKE v2 enabled are secured and monitored for potential exploitation.
- Review and update security protocols for Microsoft Defender to address CVE-2026-33825.
