Microsoft on Tuesday issued security updates for 169 vulnerabilities across its products, including an actively exploited spoofing flaw in SharePoint Server and a high-severity remote code execution bug in Windows IKE services.
KEY FACTS
- Total fixes Microsoft addressed 169 vulnerabilities, its second-largest Patch Tuesday release.
- Actively exploited flaw CVE-2026-32201 affects SharePoint Server and can let an unauthorized attacker spoof content over a network.
- Government response CISA added the SharePoint flaw to its Known Exploited Vulnerabilities catalog.
- High severity bug CVE-2026-33824 is a 9.8-rated remote code execution issue in Windows IKE Service Extensions.
- Defender issue CVE-2026-33825 is a privilege escalation flaw tied to Microsoft Defender update workflows.
The update package also included fixes for 78 Chromium-based Edge vulnerabilities and four non-Microsoft CVEs affecting AMD, Node.js, Windows Secure Boot and Git for Windows. Microsoft said 157 of the flaws were rated Important, eight Critical, three Moderate and one Low.
The SharePoint flaw was identified internally, and the company said it could allow an unauthorized attacker to perform spoofing over a network. The advisory said successful exploitation could expose some sensitive information and let an attacker alter disclosed information, but not block access to the resource.
CISA said federal civilian agencies must remediate the SharePoint issue by April 28, 2026. The exact method of exploitation is still unclear, and Microsoft did not identify who is behind the activity or how widely the flaw has been used.
A second issue, CVE-2026-33825, affects Microsoft Defender and can allow a local attacker to elevate privileges. Microsoft said the platform updates itself by default, and systems with Defender disabled are not exposed.
Another patch, CVE-2026-33824, affects Windows IKE Service Extensions and could permit remote code execution if an attacker sends specially crafted packets to a machine with IKEv2 enabled. Security researchers said the flaw is especially concerning for systems exposed to untrusted networks, including VPN and IPsec deployments.
WHY IT MATTERS
The release addresses a mix of actively exploited, high-severity and widely exposed flaws across Microsoft software used in enterprises and government networks. Organizations that run SharePoint, Defender or IKEv2 services may face higher risk until the updates are applied.