{"id":233491,"date":"2026-04-15T04:40:00","date_gmt":"2026-04-15T08:40:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/microsoft-issues-patches-for-sharepoint-zero-day-and-168-other-new-vulnerabilities\/"},"modified":"2026-04-20T16:20:08","modified_gmt":"2026-04-20T20:20:08","slug":"microsoft-issues-patches-for-sharepoint-zero-day-and-168-other-new-vulnerabilities","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/microsoft-issues-patches-for-sharepoint-zero-day-and-168-other-new-vulnerabilities\/","title":{"rendered":"Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/microsoft-issues-patches-for-sharepoint.html\">Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/microsoft-issues-patches-for-sharepoint.html\">https:\/\/thehackernews.com\/2026\/04\/microsoft-issues-patches-for-sharepoint.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-15 04:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Microsoft on Tuesday released updates to address a\u00a0record 169 security\u00a0flaws across its product portfolio, including one vulnerability that\u00a0has been actively\u00a0exploited in the\u00a0wild.<\/p>\n<p>Of these 169 vulnerabilities, 157 are rated Important, eight are rated\u00a0Critical, three are rated Moderate,\u00a0and one is rated Low in\u00a0severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities.<\/p>\n<p>Also included among the 169 flaws are\u00a0four non-Microsoft\u00a0issued\u00a0CVEs impacting AMD (CVE-2023-20585), Node.js\u00a0(CVE-2026-21637), Windows Secure Boot (CVE-2026-25250), and Git for Windows (CVE-2026-32631). The updates are in addition\u00a0to 78 vulnerabilities that\u00a0have been\u00a0addressed\u00a0in its Chromium-based Edge browser since\u00a0the update that\u00a0was released last\u00a0month.<\/p>\n<p>The release makes it\u00a0the second\u00a0biggest Patch Tuesday\u00a0ever, a\u00a0little below the record set in October 2025, when Microsoft addressed\u00a0a massive 183 security\u00a0flaws.\u00a0&#8220;At this pace, 2026 is on track to affirm that 1,000+ Patch Tuesday CVEs annually is the\u00a0norm,&#8221; Satnam Narang, senior staff research engineer at Tenable,\u00a0said.<\/p>\n<p>&#8220;Not only that, but elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April, while remote code execution (RCE) vulnerabilities have dropped to just 12%, tied with information disclosure vulnerabilities this\u00a0month.&#8221;<\/p>\n<p>The vulnerability that has come under active exploitation\u00a0is CVE-2026-32201 (CVSS score: 6.5), a spoofing vulnerability impacting Microsoft SharePoint\u00a0Server.<\/p>\n<p>&#8220;Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a\u00a0network,&#8221; Microsoft said in an\u00a0advisory.\u00a0&#8220;An attacker who successfully exploited the vulnerability could view some sensitive information&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/microsoft-issues-patches-for-sharepoint.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities https:\/\/thehackernews.com\/2026\/04\/microsoft-issues-patches-for-sharepoint.html Publish Date: 2026-04-15&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233492,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjKhAYMS4CZDglUzVBKPpIJJJjC7LSHIE8r8HSYTDvQtfuqIlLk-jorWPPNvMPaiuWSriWM2WP-cyKqr_TRwlOG65EY9ZZWuRYsrzcn05wg3mkQd_-j103HEjHaUryyOF7jWj6IuAM6VwCUloPq_9RMt959E-yG8qF4n1acw3OfY73fWw4p90V0ClaY4hjo\/s1600\/windows-update.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-233491","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233491"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233491"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233491\/revisions"}],"predecessor-version":[{"id":233493,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233491\/revisions\/233493"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233492"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}