High Threat Security Alert (A26-04-15): Multiple Vulnerabilities in Microsoft Products (April 2026)


 

Published on: 15 April 2026

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr

Reports indicated that a spoofing vulnerability (CVE-2026-32201) is being exploited in the wild. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 10, 11, 11 version 26H1
  • Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2022 23H2 Edition, 2025
  • Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, LTSC for Mac 2021, LTSC for Mac 2024
  • Microsoft Excel 2016
  • Microsoft PowerPoint 2016
  • Microsoft 365 Apps for Enterprise
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SQL Server 2016, 2017, 2019, 2022, 2025
  • Microsoft Visual Studio 2017, 2019, 2022
  • Microsoft Visual Studio Code CoPilot Chat Extension
  • Microsoft .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 and 4.8.1
  • .NET 8.0, .NET 9.0 and .NET 10.0 installed on Linux, Mac OS, Windows
  • Microsoft Defender Antimalware Platform
  • Microsoft Dynamics 365
  • Microsoft HPC Pack 2019
  • Microsoft Power Apps
  • Office Online Server
  • PowerShell 7.4, 7.5
  • Remote Desktop client
  • Windows Admin Center
  • Windows App Client

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

 

Impact:

Depending on the vulnerabilities exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-april-2026
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20585
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0390
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20806
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20928
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20930
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20945
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23653
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23657
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23666
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23670
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25184
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25250
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26143
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26149
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26151 (to CVE-2026-26156)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26159 (to CVE-2026-26163)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26165 (to CVE-2026-26184)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27906 (to CVE-2026-27931)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32068 (to CVE-2026-32091)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32093
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32149 (to CVE-2026-32160)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32162 (to CVE-2026-32165)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32176
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32178
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32181
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32183 (to CVE-2026-32184)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32188 (to CVE-2026-32190)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32195 (to CVE-2026-32203)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32212
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32214 (to CVE-2026-32226)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32631
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33095 (to CVE-2026-33096)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33098 (to CVE-2026-33101)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33103 (to CVE-2026-33104)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33114 (to CVE-2026-33116)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33120
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33822
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33824 (to CVE-2026-33827)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33829


Tag: Microsoft , Windows , Windows Server , Microsoft Office , Excel , PowerPoint , Microsoft 365 Apps , SharePoint , SQL Server , Visual Studio , Visual Studio Code , .NET , Microsoft Defender , Dynamics 365 , HPC , Power Apps , Office Online Server , PowerShell , Remote Desktop client , Windows Admin Center , Windows App Client
Tags