Microsoft's April 2026 security update addresses 165 vulnerabilities, including eight critical flaws across various products like .NET, Remote Desktop, Microsoft Office, and Windows Active Directory. High-profile issues include a critical remote code execution (RCE) in the Windows Internet Key Exchange (IKE) extension and a race condition in TCP/IP that allows remote code execution via specially crafted IPv6 packets.
Notably, an improper input validation flaw in Microsoft SharePoint (CVE-2026-32201) is reported to be exploited in the wild. Additionally, the update covers several "more likely to be exploited" vulnerabilities involving secure boot bypass, kernel memory disclosure, and elevation of privilege in components like WinSock and the Windows Search Service. Administrators are advised to apply these patches and update Snort rulesets immediately to mitigate potential attacks.
Top comments (0)