Microsoft’s April Patch Tuesday Strengthens Security with 80 New Browser Vulnerabilities and Critical Exploits in the Wild
Microsoft has announced the identification of active exploitation of vulnerabilities in the wild, coinciding with the disclosure of several critical security issues. Among the vulnerabilities addressed in the latest update, 19 have been assessed as having a higher likelihood of future exploitation. This month, Microsoft has issued patches for a total of 80 browser vulnerabilities, which are not included in the regular Patch Tuesday count.
Significant Increase in Vulnerability Reports
The number of vulnerabilities reported this month has significantly exceeded typical figures, particularly in the browser category. Last week, Microsoft set a record by releasing patches for 60 browser vulnerabilities in a single day. While some have speculated that this surge might be linked to the recent announcement of Project Glasswing, this connection has been dismissed as unfounded.
The Microsoft Edge browser, which operates on the Chromium engine, has seen a notable rise in reported vulnerabilities. The maintainers of Chromium have acknowledged contributions from a diverse range of researchers, indicating a broader increase in vulnerability reports across the industry in recent weeks.
This rise in reported vulnerabilities can be attributed to advancements in cybersecurity research methodologies and tools, which are becoming increasingly sophisticated. As these tools evolve, the volume of vulnerability reports is expected to continue to grow.
Addressing Critical Vulnerabilities
Administrators of SharePoint are advised to prioritize the remediation of CVE-2026-32201, a spoofing vulnerability currently being exploited in the wild. Although the advisory lacks extensive details, it highlights issues related to improper input validation and indicates a low impact on confidentiality and integrity, with no effect on availability. However, it is essential to recognize that attackers often achieve significant impact by chaining multiple vulnerabilities together, amplifying their overall threat.
The evolving landscape of offensive cybersecurity, driven by advanced technologies, presents new challenges. A vulnerability with a CVSS v3 base score of 6.5, once deemed low-risk, may no longer be considered safe for defenders in 2026. Patches are available for all supported versions of SharePoint, including SharePoint 2016, which is set to exit extended support on July 14, 2026.
Additionally, Microsoft Defender has received a critical patch for CVE-2026-33825, a local privilege escalation vulnerability that has been publicly disclosed. Successful exploitation of this vulnerability could grant SYSTEM privileges, making timely patching essential. Microsoft has indicated that no user action is required for this update, as the Microsoft Defender Antimalware Platform updates automatically by default.
Remote Code Execution Vulnerabilities
The Windows Internet Key Exchange (IKE) Services Extensions have been identified as the source of CVE-2026-33824, a critical unauthenticated remote code execution vulnerability. Exploitation of this vulnerability requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, potentially allowing for remote code execution.
Unauthenticated remote code execution vulnerabilities against modern Windows systems are relatively rare, which limits the number of self-propagating wormable vulnerabilities on the internet. However, given that IKE provides secure tunnel negotiation services, such as for VPNs, it is exposed to untrusted networks and can be accessed in a pre-authorization context. While it may not lead to widespread internet worms, the potential for initial access abuse remains a significant concern.
The advisory includes mitigations for organizations unable to apply patches immediately, focusing on restricting relevant UDP traffic to the least privilege necessary. Patches are available for all Windows versions dating back to Server 2016 and Windows 10 1607 LTSC.
Acknowledgments and Lifecycle Updates
The advisory credits both the WARP and Microsoft Offensive Research & Security Engineering (MORSE) teams for their contributions. While MORSE has been acknowledged in previous advisories, this marks the first explicit mention of WARP, which may refer to the Microsoft Windows Enterprise Security Team.
In lifecycle news, extended support for a range of legacy Microsoft enterprise tools, including Dynamics C5 2016, Dynamics NAV 2016, App-V 5.0, App-V 5.1, UE-V 2.1, and BitLocker Administration and Monitoring 2.5 SP1, ended on April 14, 2026. Microsoft .NET 9 STS, initially scheduled to reach the end of support in May 2026, has received a six-month extension, now set to end on November 10, 2026.
For further insights into these vulnerabilities and their implications, refer to the comprehensive analysis available at Cyber Daily.
For ongoing coverage and breaking updates, visit our Latest News section.
Published on 2026-04-15 09:02:00 • By the Editorial Desk
