Microsoft Patch Tuesday Fixes Critical Security Bugs
▼ Summary
– A critical SharePoint spoofing vulnerability (CVE-2026-32201) was actively exploited before Microsoft patched it in April’s major security update.
– The April “Patch Tuesday” release was exceptionally large, addressing 165 new vulnerabilities, which is Microsoft’s second-largest monthly CVE release.
– The exploited SharePoint flaw allows attackers to falsify information within trusted environments, enabling phishing and data manipulation.
– A separate, publicly known privilege escalation bug (CVE-2026-33825) in Microsoft Defender matches exploit code published by a researcher critical of Microsoft.
– Security experts speculate the high volume of patches may be linked to an increase in vulnerability submissions found by AI tools.
Microsoft’s April 2026 Patch Tuesday delivered a massive security update, addressing a record 165 new vulnerabilities. Among these, a critical SharePoint Server spoofing flaw, designated CVE-2026-32201, was already being actively exploited by attackers before a fix was available. This vulnerability stems from improper input validation, allowing an unauthorized individual to spoof content over a network. Exploitation can lead to unauthorized viewing or alteration of sensitive information within the platform.
Security experts warn this bug poses a significant threat. “By exploiting this flaw, an attacker can manipulate how information is presented to users, potentially tricking them into trusting malicious content,” explained Mike Walters, president of Action1. He emphasized the risk of phishing attacks and social engineering campaigns launched from within a trusted environment. “The flaw lets attackers fake trust at scale: what looks legitimate may actually be a carefully crafted deception,” Walters added.
Microsoft did not disclose specifics about the ongoing attacks or the researcher who reported the issue. When questioned about potential contributions from artificial intelligence in this large batch of fixes, a company statement noted the volume of reports varies monthly. The statement clarified, “Today’s release does not reflect a significant increase in AI‑driven discoveries, though we did credit one vulnerability to an Anthropic researcher using Claude.”
The sheer number of patches this month is notable. According to Dustin Childs of the Zero Day Initiative, this represents Microsoft’s second-largest monthly CVE release on record. Childs speculated that, like other security programs, Microsoft is likely experiencing a rise in submissions found by AI tools.
While the SharePoint bug was the only one confirmed as under active exploitation at release, another vulnerability was publicly known. Tracked as CVE-2026-33825, this elevation of privilege flaw in Microsoft Defender matches exploit code named BlueHammer published on GitHub. The code was released by a researcher using the alias “Chaotic Eclipse,” who expressed frustration with Microsoft’s disclosure process in an April 2 post.
This incident echoes past criticisms of Microsoft’s handling of external security research. Childs refrained from commenting on the researcher’s specific grievances but offered clear advice. “I’m just glad they are offering a fix for the vulnerability. If you rely on Defender, test and deploy this one quickly,” he wrote, underscoring the urgency for organizations to apply these critical updates.
(Source: Theregister.com)
