Microsoft Fixes 167 Vulnerabilities, Including SharePoint Zero‑Day

Microsoft released its April 2026 Patch Tuesday updates today, delivering fixes for a record 167 security vulnerabilities across the Windows ecosystem, SharePoint Server, and related enterprise software. The haul includes ten critical flaws that could enable remote code execution, as well as a collection of privilege‑escalation and information‑disclosure issues that broaden the attack surface for both on‑premises and cloud environments.

Among the patched flaws is a zero‑day vulnerability in SharePoint Server (CVE‑2026‑XXXX) that has been publicly disclosed and observed being exploited in limited targeted attacks. Microsoft also addressed a second vulnerability that was disclosed on a security research blog prior to the patch, underscoring the growing trend of pre‑patch exposure. Both flaws have been rated important and require immediate patching, especially for internet‑facing SharePoint deployments.

The update bundle contains a broad mix of severity levels: remote code execution bugs in Windows HTTP/2 handling, elevation‑of‑privilege flaws in the Windows Kernel, and a denial‑of‑service weakness in Azure Stack HCI. Security teams are advised to prioritize patches for the SharePoint zero‑day and the publicly disclosed flaw, then roll out the remaining updates in a staged manner to minimize disruption.

Organizations should adopt a risk‑based patch management strategy, leveraging automated deployment tools and maintaining up‑to‑date backups before applying high‑impact updates. Continuous monitoring of threat‑intelligence feeds will help identify any emerging exploitation attempts tied to these vulnerabilities. Timely application of Microsoft’s April patches is critical to reducing the window of opportunity for ransomware, APT actors, and other threat groups.