Microsoft Patch Tuesday April 2026.

Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)

This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening

The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.

Noteworthy Vulnerabilities:

CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love these types of vulnerabilities. Need to know more to really figure out the impact. Microsoft describes this as a race condition, allowing attackers to execute arbitrary code over the network. Exploitation is likely tricky, but never underestimate the creativity of an AI aided attacker.

CVE-2026-33825 (Microsoft Defender Elevation of Privilege Vulnerability): This vulnerability has already been disclosed.

CVE-2026-32201 (Microsoft SharePoint Server Spoofing Vulnerability): Two similar SharePoint server spoofing vulnerabilities were patched this month. Both are rated important, and this particular one is already being exploited.

CVE-2026-33826 (Windows Active Directory Remote Code Execution Vulnerability): CVSS score of "only" 8.0, but critical according to Microsoft.

CVE-2026-32190 (Microsoft Office Remote Code Execution Vulnerability): Standard fair for every monthly patch Tuesday. These are often the more worrisome vulnerabilities. Two additional critical RCE vulnerabilities affect Word (CVE-2026-33114, CVE-2026-33115).

CVE-2026-32157 (Remote Desktop Client Remote Code Execution Vulnerability): Typically, these vulnerabilities require a user to connect to a malicious RDP server, but connections may be initiated by clicking on an "rdp:" link.

CVE-2026-33824 (Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability): IKE, part of IPSEC, is usually not enabled by default. It isn't clear yet what the exact exploitation requirements are (will update once MSFT's page responds again)

CVE-2026-23666 (.NET Framework Denial of Service Vulnerability): Just a denial of service. Not sure why this deserved "critical".

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
.NET Denial of Service Vulnerability
CVE-2026-26171	No	No	-	-	Important	7.5	6.5
.NET Framework Denial of Service Vulnerability
CVE-2026-32226	No	No	-	-	Important	5.9	5.2
CVE-2026-23666	No	No	-	-	Critical	7.5	6.7
.NET Spoofing Vulnerability
CVE-2026-32178	No	No	-	-	Important	7.5	6.5
.NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32203	No	No	-	-	Important	7.5	6.5
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33116	No	No	-	-	Important	7.5	6.5
Active Directory Spoofing Vulnerability
CVE-2026-32072	No	No	-	-	Important	6.2	5.4
Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
CVE-2026-25184	No	No	-	-	Important	7.0	6.1
Azure Logic Apps Elevation of Privilege Vulnerability
CVE-2026-32171	No	No	-	-	Important	8.8	7.7
Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-32168	No	No	-	-	Important	7.8	6.8
CVE-2026-32192	No	No	-	-	Important	7.8	6.8
Chromium: CVE-2026-5272 Heap buffer overflow in GPU
CVE-2026-5272	No	No	-	-	-
Chromium: CVE-2026-5273 Use after free in CSS
CVE-2026-5273	No	No	-	-	-
Chromium: CVE-2026-5274 Integer overflow in Codecs
CVE-2026-5274	No	No	-	-	-
Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
CVE-2026-5275	No	No	-	-	-
Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
CVE-2026-5276	No	No	-	-	-
Chromium: CVE-2026-5277 Integer overflow in ANGLE
CVE-2026-5277	No	No	-	-	-
Chromium: CVE-2026-5279 Object corruption in V8
CVE-2026-5279	No	No	-	-	-
Chromium: CVE-2026-5280 Use after free in WebCodecs
CVE-2026-5280	No	No	-	-	-
Chromium: CVE-2026-5281 Use after free in Dawn
CVE-2026-5281	No	No	-	-	-
Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
CVE-2026-5283	No	No	-	-	-
Chromium: CVE-2026-5284 Use after free in Dawn
CVE-2026-5284	No	No	-	-	-
Chromium: CVE-2026-5285 Use after free in WebGL
CVE-2026-5285	No	No	-	-	-
Chromium: CVE-2026-5286 Use after free in Dawn
CVE-2026-5286	No	No	-	-	-
Chromium: CVE-2026-5287 Use after free in PDF
CVE-2026-5287	No	No	-	-	-
Chromium: CVE-2026-5289 Use after free in Navigation
CVE-2026-5289	No	No	-	-	-
Chromium: CVE-2026-5290 Use after free in Compositing
CVE-2026-5290	No	No	-	-	-
Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
CVE-2026-5291	No	No	-	-	-
Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
CVE-2026-5292	No	No	-	-	-
Chromium: CVE-2026-5858 Heap buffer overflow in WebML
CVE-2026-5858	No	No	-	-	-
Chromium: CVE-2026-5859 Integer overflow in WebML
CVE-2026-5859	No	No	-	-	-
Chromium: CVE-2026-5860 Use after free in WebRTC
CVE-2026-5860	No	No	-	-	-
Chromium: CVE-2026-5861 Use after free in V8
CVE-2026-5861	No	No	-	-	-
Chromium: CVE-2026-5862 Inappropriate implementation in V8
CVE-2026-5862	No	No	-	-	-
Chromium: CVE-2026-5863 Inappropriate implementation in V8
CVE-2026-5863	No	No	-	-	-
Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio
CVE-2026-5864	No	No	-	-	-
Chromium: CVE-2026-5865 Type Confusion in V8
CVE-2026-5865	No	No	-	-	-
Chromium: CVE-2026-5866 Use after free in Media
CVE-2026-5866	No	No	-	-	-
Chromium: CVE-2026-5867 Heap buffer overflow in WebML
CVE-2026-5867	No	No	-	-	-
Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE
CVE-2026-5868	No	No	-	-	-
Chromium: CVE-2026-5869 Heap buffer overflow in WebML
CVE-2026-5869	No	No	-	-	-
Chromium: CVE-2026-5870 Integer overflow in Skia
CVE-2026-5870	No	No	-	-	-
Chromium: CVE-2026-5871 Type Confusion in V8
CVE-2026-5871	No	No	-	-	-
Chromium: CVE-2026-5872 Use after free in Blink
CVE-2026-5872	No	No	-	-	-
Chromium: CVE-2026-5873 Out of bounds read and write in V8
CVE-2026-5873	No	No	-	-	-
Chromium: CVE-2026-5874 Use after free in PrivateAI
CVE-2026-5874	No	No	-	-	-
Chromium: CVE-2026-5875 Policy bypass in Blink
CVE-2026-5875	No	No	-	-	-
Chromium: CVE-2026-5876 Side-channel information leakage in Navigation
CVE-2026-5876	No	No	-	-	-
Chromium: CVE-2026-5877 Use after free in Navigation
CVE-2026-5877	No	No	-	-	-
Chromium: CVE-2026-5878 Incorrect security UI in Blink
CVE-2026-5878	No	No	-	-	-
Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE
CVE-2026-5879	No	No	-	-	-
Chromium: CVE-2026-5880 Incorrect security UI in browser UI
CVE-2026-5880	No	No	-	-	-
Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess
CVE-2026-5881	No	No	-	-	-
Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen
CVE-2026-5882	No	No	-	-	-
Chromium: CVE-2026-5883 Use after free in Media
CVE-2026-5883	No	No	-	-	-
Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media
CVE-2026-5884	No	No	-	-	-
Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML
CVE-2026-5885	No	No	-	-	-
Chromium: CVE-2026-5886 Out of bounds read in WebAudio
CVE-2026-5886	No	No	-	-	-
Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads
CVE-2026-5887	No	No	-	-	-
Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs
CVE-2026-5888	No	No	-	-	-
Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium
CVE-2026-5889	No	No	-	-	-
Chromium: CVE-2026-5890 Race in WebCodecs
CVE-2026-5890	No	No	-	-	-
Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI
CVE-2026-5891	No	No	-	-	-
Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs
CVE-2026-5892	No	No	-	-	-
Chromium: CVE-2026-5893 Race in V8
CVE-2026-5893	No	No	-	-	-
Chromium: CVE-2026-5894 Inappropriate implementation in PDF
CVE-2026-5894	No	No	-	-	-
Chromium: CVE-2026-5895 Incorrect security UI in Omnibox
CVE-2026-5895	No	No	-	-	-
Chromium: CVE-2026-5896 Policy bypass in Audio
CVE-2026-5896	No	No	-	-	-
Chromium: CVE-2026-5897 Incorrect security UI in Downloads
CVE-2026-5897	No	No	-	-	-
Chromium: CVE-2026-5898 Incorrect security UI in Omnibox
CVE-2026-5898	No	No	-	-	-
Chromium: CVE-2026-5899 Incorrect security UI in History Navigation
CVE-2026-5899	No	No	-	-	-
Chromium: CVE-2026-5900 Policy bypass in Downloads
CVE-2026-5900	No	No	-	-	-
Chromium: CVE-2026-5901 Policy bypass in DevTools
CVE-2026-5901	No	No	-	-	-
Chromium: CVE-2026-5902 Race in Media
CVE-2026-5902	No	No	-	-	-
Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox
CVE-2026-5903	No	No	-	-	-
Chromium: CVE-2026-5904 Use after free in V8
CVE-2026-5904	No	No	-	-	-
Chromium: CVE-2026-5905 Incorrect security UI in Permissions
CVE-2026-5905	No	No	-	-	-
Chromium: CVE-2026-5906 Incorrect security UI in Omnibox
CVE-2026-5906	No	No	-	-	-
Chromium: CVE-2026-5907 Insufficient data validation in Media
CVE-2026-5907	No	No	-	-	-
Chromium: CVE-2026-5908 Integer overflow in Media
CVE-2026-5908	No	No	-	-	-
Chromium: CVE-2026-5909 Integer overflow in Media
CVE-2026-5909	No	No	-	-	-
Chromium: CVE-2026-5910 Integer overflow in Media
CVE-2026-5910	No	No	-	-	-
Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers
CVE-2026-5911	No	No	-	-	-
Chromium: CVE-2026-5912 Integer overflow in WebRTC
CVE-2026-5912	No	No	-	-	-
Chromium: CVE-2026-5913 Out of bounds read in Blink
CVE-2026-5913	No	No	-	-	-
Chromium: CVE-2026-5914 Type Confusion in CSS
CVE-2026-5914	No	No	-	-	-
Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML
CVE-2026-5915	No	No	-	-	-
Chromium: CVE-2026-5918 Inappropriate implementation in Navigation
CVE-2026-5918	No	No	-	-	-
Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets
CVE-2026-5919	No	No	-	-	-
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2026-32181	No	No	-	-	Important	5.5	4.8
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27924	No	No	-	-	Important	7.8	6.8
CVE-2026-32152	No	No	-	-	Important	7.8	6.8
CVE-2026-32154	No	No	-	-	Important	7.8	6.8
CVE-2026-27923	No	No	-	-	Important	7.8	6.8
CVE-2026-32155	No	No	-	-	Important	7.8	6.8
GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVE-2026-23653	No	No	-	-	Important	5.7	5.0
HTTP.sys Denial of Service Vulnerability
CVE-2026-33096	No	No	-	-	Important	7.5	6.5
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-26181	No	No	-	-	Important	7.8	6.8
CVE-2026-32219	No	No	-	-	Important	7.0	6.1
CVE-2026-32091	No	No	-	-	Important	8.4	7.3
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-26152	No	No	-	-	Important	7.0	6.1
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2026-33825	Yes	No	-	-	Important	7.8	7.0
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2026-33103	No	No	-	-	Important	5.5	4.8
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-33118	No	No	-	-	Low	4.3	3.8
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2026-33119	No	No	-	-	Moderate	5.4	4.7
Microsoft Excel Information Disclosure Vulnerability
CVE-2026-32188	No	No	-	-	Important	7.1	6.2
Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32189	No	No	-	-	Important	7.8	6.8
CVE-2026-32197	No	No	-	-	Important	7.8	6.8
CVE-2026-32198	No	No	-	-	Important	7.8	6.8
CVE-2026-32199	No	No	-	-	Important	7.8	6.8
Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
CVE-2026-32184	No	No	-	-	Important	7.8	6.8
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-26155	No	No	-	-	Important	6.5	5.7
Microsoft Management Console Elevation of Privilege Vulnerability
CVE-2026-27914	No	No	-	-	Important	7.8	6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32190	No	No	-	-	Critical	8.4	7.3
Microsoft Power Apps Security Feature Bypass
CVE-2026-26149	No	No	-	-	Important	9.0	7.9
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2026-32200	No	No	-	-	Important	7.8	6.8
Microsoft PowerShell Security Feature Bypass Vulnerability
CVE-2026-26143	No	No	-	-	Important	7.8	6.8
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2026-33120	No	No	-	-	Important	8.8	7.7
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20945	No	No	-	-	Important	4.6	4.0
CVE-2026-32201	No	Yes	-	-	Important	6.5	6.0
Microsoft Word Information Disclosure Vulnerability
CVE-2026-33822	No	No	-	-	Important	6.1	5.3
Microsoft Word Remote Code Execution Vulnerability
CVE-2026-33095	No	No	-	-	Important	7.8	6.8
CVE-2026-23657	No	No	-	-	Important	7.8	6.8
CVE-2026-33114	No	No	-	-	Critical	8.4	7.3
CVE-2026-33115	No	No	-	-	Critical	8.4	7.3
Package Catalog Information Disclosure Vulnerability
CVE-2026-32081	No	No	-	-	Important	5.5	4.8
PowerShell Elevation of Privilege Vulnerability
CVE-2026-26170	No	No	-	-	Important	7.8	6.8
Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
CVE-2026-26183	No	No	-	-	Important	7.8	6.8
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-32157	No	No	-	-	Critical	8.8	7.7
Remote Desktop Licensing Service Elevation of Privilege Vulnerability
CVE-2026-26160	No	No	-	-	Important	7.8	6.8
CVE-2026-26159	No	No	-	-	Important	7.8	6.8
Remote Desktop Spoofing Vulnerability
CVE-2026-26151	No	No	-	-	Important	7.1	6.2
Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-32085	No	No	-	-	Important	5.5	4.8
SQL Server Elevation of Privilege Vulnerability
CVE-2026-32167	No	No	-	-	Important	6.7	5.8
CVE-2026-32176	No	No	-	-	Important	6.7	5.8
UEFI Secure Boot Security Feature Bypass Vulnerability
CVE-2026-0390	No	No	-	-	Important	6.7	5.8
CVE-2026-32220	No	No	-	-	Important	4.4	3.9
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32212	No	No	-	-	Important	5.5	4.8
CVE-2026-32214	No	No	-	-	Important	5.5	4.8
Web Account Manager Information Disclosure Vulnerability
CVE-2026-32079	No	No	-	-	Important	5.5	4.8
Win32k Elevation of Privilege Vulnerability
CVE-2026-33104	No	No	-	-	Important	7.0	6.1
Windows Active Directory Remote Code Execution Vulnerability
CVE-2026-33826	No	No	-	-	Critical	8.0	7.0
Windows Admin Center Spoofing Vulnerability
CVE-2026-32196	No	No	-	-	Important	6.1	5.3
Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
CVE-2026-26178	No	No	-	-	Important	8.8	7.7
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-32073	No	No	-	-	Important	7.0	6.1
CVE-2026-26168	No	No	-	-	Important	7.8	6.8
CVE-2026-26173	No	No	-	-	Important	7.0	6.1
CVE-2026-26177	No	No	-	-	Important	7.0	6.1
CVE-2026-26182	No	No	-	-	Important	7.0	6.1
CVE-2026-27922	No	No	-	-	Important	7.0	6.1
CVE-2026-33099	No	No	-	-	Important	7.0	6.1
CVE-2026-33100	No	No	-	-	Important	7.0	6.1
Windows Biometric Service Security Feature Bypass Vulnerability
CVE-2026-32088	No	No	-	-	Important	6.1	5.3
Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-27913	No	No	-	-	Important	7.7	6.7
Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-26175	No	No	-	-	Important	4.6	4.0
Windows COM Elevation of Privilege Vulnerability
CVE-2026-32162	No	No	-	-	Important	8.4	7.3
Windows COM Server Information Disclosure Vulnerability
CVE-2026-20806	No	No	-	-	Important	5.5	4.8
Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
CVE-2026-26176	No	No	-	-	Important	7.8	6.8
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27926	No	No	-	-	Important	7.0	6.1
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-32070	No	No	-	-	Important	7.0	6.1
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2026-33098	No	No	-	-	Important	7.8	6.8
Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
CVE-2026-26153	No	No	-	-	Important	7.8	6.8
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32087	No	No	-	-	Important	7.0	6.1
CVE-2026-32093	No	No	-	-	Important	7.0	6.1
CVE-2026-32086	No	No	-	-	Important	7.0	6.1
CVE-2026-32150	No	No	-	-	Important	7.0	6.1
Windows GDI Information Disclosure Vulnerability
CVE-2026-27931	No	No	-	-	Important	5.5	4.8
CVE-2026-27930	No	No	-	-	Important	5.5	4.8
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-32221	No	No	-	-	Important	8.4	7.3
Windows Hello Security Feature Bypass Vulnerability
CVE-2026-27906	No	No	-	-	Important	4.4	3.9
CVE-2026-27928	No	No	-	-	Important	8.7	7.6
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-26156	No	No	-	-	Important	7.8	6.8
CVE-2026-32149	No	No	-	-	Important	7.3	6.4
Windows Installer Elevation of Privilege Vulnerability
CVE-2026-27910	No	No	-	-	Important	7.8	6.8
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
CVE-2026-33824	No	No	-	-	Critical	9.8	8.5
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2026-27912	No	No	-	-	Important	8.0	7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26179	No	No	-	-	Important	7.8	6.8
CVE-2026-26180	No	No	-	-	Important	7.8	6.8
CVE-2026-32195	No	No	-	-	Important	7.0	6.1
CVE-2026-26163	No	No	-	-	Important	7.8	6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2026-32215	No	No	-	-	Important	5.5	4.8
CVE-2026-32217	No	No	-	-	Important	5.5	4.8
CVE-2026-32218	No	No	-	-	Important	5.5	4.8
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2026-26169	No	No	-	-	Important	6.1	5.3
Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27929	No	No	-	-	Important	7.0	6.1
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2026-32071	No	No	-	-	Important	7.5	6.5
Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20930	No	No	-	-	Important	7.8	6.8
Windows OLE Elevation of Privilege Vulnerability
CVE-2026-26162	No	No	-	-	Important	7.8	6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2026-33101	No	No	-	-	Important	7.8	6.8
Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-32084	No	No	-	-	Important	5.5	4.8
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-27927	No	No	-	-	Important	7.8	6.8
CVE-2026-26184	No	No	-	-	Important	7.8	6.8
CVE-2026-32069	No	No	-	-	Important	7.8	6.8
CVE-2026-32074	No	No	-	-	Important	7.8	6.8
CVE-2026-32078	No	No	-	-	Important	7.8	6.8
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26167	No	No	-	-	Important	8.8	7.7
CVE-2026-32158	No	No	-	-	Important	7.8	6.8
CVE-2026-32159	No	No	-	-	Important	7.8	6.8
CVE-2026-32160	No	No	-	-	Important	7.8	6.8
CVE-2026-26172	No	No	-	-	Important	7.8	6.8
Windows Recovery Environment Security Feature Bypass Vulnerability
CVE-2026-20928	No	No	-	-	Important	4.6	4.0
Windows Redirected Drive Buffering System Denial of Service Vulnerability
CVE-2026-32216	No	No	-	-	Important	5.5	4.8
Windows Search Service Elevation of Privilege Vulnerability
CVE-2026-27909	No	No	-	-	Important	7.8	6.8
Windows Sensor Data Service Elevation of Privilege Vulnerability
CVE-2026-26161	No	No	-	-	Important	7.8	6.8
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2026-26174	No	No	-	-	Important	7.0	6.1
CVE-2026-32224	No	No	-	-	Important	7.0	6.1
Windows Server Update Service (WSUS) Tampering Vulnerability
CVE-2026-26154	No	No	-	-	Important	7.5	6.5
Windows Shell Elevation of Privilege Vulnerability
CVE-2026-26165	No	No	-	-	Important	7.0	6.1
CVE-2026-26166	No	No	-	-	Important	7.0	6.1
CVE-2026-27918	No	No	-	-	Important	7.8	6.8
Windows Shell Information Disclosure Vulnerability
CVE-2026-32151	No	No	-	-	Important	6.5	5.7
Windows Shell Security Feature Bypass Vulnerability
CVE-2026-32225	No	No	-	-	Important	8.8	7.7
Windows Shell Spoofing Vulnerability
CVE-2026-32202	No	No	-	-	Important	4.3	3.8
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32082	No	No	-	-	Important	7.0	6.1
CVE-2026-32083	No	No	-	-	Important	7.0	6.1
CVE-2026-32068	No	No	-	-	Important	7.0	6.1
Windows Snipping Tool Remote Code Execution Vulnerability
CVE-2026-32183	No	No	-	-	Important	7.8	6.8
Windows Snipping Tool Spoofing Vulnerability
CVE-2026-33829	No	No	-	-	Moderate	4.3	3.8
Windows Speech Brokered Api Elevation of Privilege Vulnerability
CVE-2026-32089	No	No	-	-	Important	7.8	6.8
CVE-2026-32090	No	No	-	-	Important	7.8	6.8
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2026-32153	No	No	-	-	Important	7.8	6.8
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2026-27907	No	No	-	-	Important	7.8	6.8
CVE-2026-32076	No	No	-	-	Important	7.8	6.8
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33827	No	No	-	-	Critical	8.1	7.1
Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27908	No	No	-	-	Important	7.0	6.1
CVE-2026-27921	No	No	-	-	Important	7.0	6.1
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27915	No	No	-	-	Important	7.8	6.8
CVE-2026-27919	No	No	-	-	Important	7.8	6.8
CVE-2026-32075	No	No	-	-	Important	7.0	6.1
CVE-2026-27916	No	No	-	-	Important	7.8	6.8
CVE-2026-27920	No	No	-	-	Important	7.8	6.8
CVE-2026-32077	No	No	-	-	Important	7.8	6.8
Windows UPnP Device Host Information Disclosure Vulnerability
CVE-2026-27925	No	No	-	-	Important	6.5	5.7
Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-32156	No	No	-	-	Important	7.4	6.4
Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
CVE-2026-32223	No	No	-	-	Important	6.8	5.9
Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32165	No	No	-	-	Important	7.8	6.8
CVE-2026-27911	No	No	-	-	Important	7.8	6.8
CVE-2026-32163	No	No	-	-	Important	7.8	6.8
CVE-2026-32164	No	No	-	-	Important	7.8	6.8
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2026-23670	No	No	-	-	Important	5.7	5.0
Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
CVE-2026-27917	No	No	-	-	Important	7.0	6.1
Windows WalletService Elevation of Privilege Vulnerability
CVE-2026-32080	No	No	-	-	Important	7.0	6.1
Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-32222	No	No	-	-	Important	7.8	6.8

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords: microsoft patch Tuesday

0 comment(s)

ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890

Internet Storm Center

Microsoft Patch Tuesday April 2026.

Comments