Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Staff Editor 2026-04-15
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html

Publish Date: 2026-04-15 04:40:00

Source Domain: thehackernews.com

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.

Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities.

Also included among the 169 flaws are four non-Microsoft issued CVEs impacting AMD (CVE-2023-20585), Node.js (CVE-2026-21637), Windows Secure Boot (CVE-2026-25250), and Git for Windows (CVE-2026-32631). The updates are in addition to 78 vulnerabilities that have been addressed in its Chromium-based Edge browser since the update that was released last month.

The release makes it the second biggest Patch Tuesday ever, a little below the record set in October 2025, when Microsoft addressed a massive 183 security flaws. “At this pace, 2026 is on track to affirm that 1,000+ Patch Tuesday CVEs annually is the norm,” Satnam Narang, senior staff research engineer at Tenable, said.

“Not only that, but elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April, while remote code execution (RCE) vulnerabilities have dropped to just 12%, tied with information disclosure vulnerabilities this month.”

The vulnerability that has come under active exploitation is CVE-2026-32201 (CVSS score: 6.5), a spoofing vulnerability impacting Microsoft SharePoint Server.

“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” Microsoft said in an advisory. “An attacker who successfully exploited the vulnerability could view some sensitive information…

Source

More Stories

Accelerating cloud-powered cybersecurity learning with IBM Cyber Campus and AWS

Accelerating cloud-powered cybersecurity learning with IBM Cyber Campus and AWS

Staff Editor 2026-06-07
DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

Staff Editor 2026-06-07
Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy