Urgent Patch Alert: SharePoint Spoofing Under Active Attack as Microsoft Releases April 2026 Updates
Ddos 
Microsoft’s April 2026 Patch Tuesday has arrived with a massive security payload, addressing a staggering 163 vulnerabilities, including eight rated as critical. While the volume alone is significant, the primary concern for security administrators is a high-profile flaw in Microsoft SharePoint Server that is currently being weaponized by attackers in the wild.
At the center of this month’s security storm is CVE-2026-32201, an improper input validation vulnerability in Microsoft Office SharePoint. This flaw allows an unauthenticated attacker to perform network spoofing, potentially tricking users or systems into interacting with malicious content.
The urgency surrounding this flaw is underscored by its inclusion in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. CISA has issued a direct warning to federal agencies and private organizations alike, urging them to remediate this vulnerability before April 28, 2026.
Beyond the SharePoint attack, Microsoft also disclosed a publicly known zero-day vulnerability in its flagship security suite:
- CVE-2026-33825 (Microsoft Defender Elevation of Privilege): An insufficient access-control granularity flaw that allows an authenticated attacker to elevate local privileges. This effectively allows authorized users to perform actions far beyond their intended permissions.
The April release also targets several Critical-rated Remote Code Execution (RCE) vulnerabilities that could lead to total system takeover if left unpatched:
- Windows TCP/IP (CVE-2026-33827): A race condition flaw where a specially crafted IPv6 packet sent to a node with IPSec enabled can lead to remote code execution.
- Remote Desktop Client (CVE-2026-32157): A use-after-free flaw that could allow an unauthenticated attacker to execute code over a network if a user connects to a malicious server.
- Active Directory (CVE-2026-33826): A flaw requiring a specially crafted RPC call to an RPC host, allowing an attacker to execute code on an adjacent network.
The April edition of Patch Tuesday includes updates for a wide range of essential components, including Windows Kerberos, the Windows Kernel, Hyper-V, SQL Server, and Microsoft Defender. Notably, Microsoft also addressed 80 vulnerabilities in Microsoft Edge (Chromium-based) that were disclosed earlier this month.
The classification of the 163 vulnerabilities includes:
- Elevation of Privilege: 93
- Remote Code Execution: 20 (7 Critical)
- Information Disclosure: 20
- Denial of Service: 9 (1 Critical)
- Spoofing: 8
With active exploitation already documented and a CISA-mandated deadline looming for SharePoint users, the mandate for IT teams is clear. As always, timely patch deployment is crucial to reduce exposure and ensure systems remain resilient against exploitation attempts.
Administrators are urged to prioritize CVE-2026-32201 and the critical RCE fixes to secure their digital perimeters before attackers can further capitalize on these open windows.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
