Microsoft Patches SharePoint Zero Day And 169 Security Vulnerabilities In Major Update Cycle

Microsoft has released a large-scale security update addressing 169 vulnerabilities across its product ecosystem, including a SharePoint zero-day flaw that is already being actively exploited in the wild. The update also includes multiple high-severity issues affecting Windows components, Microsoft Defender, and third-party technologies integrated into the Windows environment, making this one of the most significant Patch Tuesday cycles in recent years.

The update package contains 157 vulnerabilities rated Important, eight rated Critical, three rated Moderate, and one rated Low. Microsoft also confirmed that the flaws span a wide range of security categories: 93 privilege escalation issues, 21 information disclosure vulnerabilities, 21 remote code execution cases, 14 security feature bypass flaws, 10 spoofing issues, and nine denial of service vulnerabilities. Alongside these, four externally reported CVEs affecting AMD, Node.js, Windows Secure Boot, and Git for Windows were also addressed. In addition, Microsoft has patched 78 vulnerabilities in its Chromium-based Edge browser since last month’s update cycle. Security researchers noted that this release is the second-largest Patch Tuesday ever recorded, behind only October 2025, when 183 vulnerabilities were fixed. Analysts from Tenable highlighted that 2026 may see over 1000 CVEs addressed annually as patch cycles continue to expand, with privilege escalation bugs now accounting for the majority of fixes compared with other vulnerability classes.

Among the most concerning issues is CVE-2026-32201, a SharePoint Server spoofing vulnerability with a CVSS score of 6.5 that is currently being exploited in active attacks. The flaw stems from improper input validation in Microsoft Office SharePoint Server, allowing unauthorized attackers to spoof trusted content or interfaces over a network. Successful exploitation lets an attacker manipulate how information is presented, potentially deceiving users into trusting malicious content. While it does not directly lead to system compromise or service disruption, it can significantly affect the confidentiality and integrity of information, making it a useful tool for phishing-style and deception-based attacks. The vulnerability has been added to the CISA Known Exploited Vulnerabilities catalog, requiring federal agencies to apply remediation by April 28, 2026. Security experts have noted that although the exact exploitation method remains unclear, the risk lies in its ability to manipulate user trust within enterprise environments where SharePoint is widely deployed.

Another major issue addressed in the update is CVE-2026-33825, a privilege escalation vulnerability in Microsoft Defender with a CVSS score of 7.8. This flaw allows a locally authorized attacker to elevate privileges by exploiting insufficient access control mechanisms in Defender. The vulnerability is linked to a previously circulating exploit known as BlueHammer, which was reportedly shared publicly on GitHub by a researcher using the alias Chaotic Eclipse following a dispute over vulnerability disclosure handling. Security analysis indicates that the exploit chain leverages Windows Volume Shadow Copy behavior during Defender update processes, allowing attackers to access protected system registry hives and escalate to SYSTEM-level privileges. This can enable full local system takeover, extraction of password hashes, and persistent administrative control. Reports indicate that the vulnerability has been patched and that exploit attempts no longer function on updated systems, although some components of the attack technique may still be observable in older environments.

Microsoft also addressed a critical remote code execution vulnerability tracked as CVE-2026-33824 affecting the Windows Internet Key Exchange Service Extensions, carrying a CVSS score of 9.8. The flaw can be triggered by specially crafted network packets sent to systems with IKE version 2 enabled, potentially allowing unauthenticated remote code execution. Because IKE services are commonly used for VPN and IPsec communications, the vulnerability is especially dangerous in enterprise environments where such services are exposed to external networks. Security researchers have warned that, given its low complexity and high impact, the flaw could be rapidly weaponized, potentially leading to full system compromise and lateral movement across corporate networks if patches are not applied promptly.
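A defender-side exposure check for the IKE issue described above, added here as an example and not taken from the article or from Microsoft's own guidance. It assumes an elevated PowerShell session on a current Windows host with the NetTCPIP and NetSecurity modules available, and reports whether the IKEEXT service is running, whether anything is bound to UDP 500 or 4500, and which enabled inbound firewall rules allow those ports, so that reachable unpatched hosts can be prioritised.

```powershell
# Added example (not from the article): inventory IKEv2 exposure on a Windows host
# so patching for CVE-2026-33824 can be prioritised. Assumes an elevated session.

function Get-IkeExposure {
    [CmdletBinding()]
    param()

    # IKEEXT is the Windows service that implements IKE and AuthIP key exchange.
    $svc = Get-Service -Name 'IKEEXT' -ErrorAction SilentlyContinue

    # IKE uses UDP 500; UDP 4500 carries IKE/ESP through NAT (NAT-T).
    $ikePorts  = @(500, 4500)
    $listeners = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $ikePorts }

    # Enabled inbound allow rules whose port filter covers either IKE port.
    $allowRules = Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Protocol -eq 'UDP' -and
            (@($_.LocalPort) -contains '500' -or @($_.LocalPort) -contains '4500')
        } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
        }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        IkeServiceStatus  = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        IkeStartType      = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        UdpListeners      = ($listeners | ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
        InboundAllowRules = ($allowRules | Select-Object -ExpandProperty DisplayName -Unique) -join ', '
        # Treat the host as exposed when the service is running and an IKE port is bound.
        LikelyExposed     = [bool]($svc -and $svc.Status -eq 'Running' -and $listeners)
    }
}

Get-IkeExposure | Format-List
```

Hosts reporting LikelyExposed = True with an inbound allow rule from an untrusted interface are the ones to patch first; the output can be collected fleet-wide with Invoke-Command.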
