INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
ATTENTION: This report is based on previous data. New intelligence sources have been linked and the Executive Summary and Mitigations need to be re-synthesized.
April Patch Tuesday fixes two zero-days including one under active attack
2026-04-15 09:10 | CRITICAL HIGH
Executive Summary AI-generated
The latest incident data reveals a critical vulnerability in Microsoft Office SharePoint that allows unauthorized attackers to perform spoofing over a network. The issue is tracked as CVE-2026-32201, has a CVSS score of 6.5 out of 10, and is considered a zero-day. An elevation of privilege (EoP) vulnerability in Microsoft Defender's anti-malware platform has also been identified. Users are advised to update Microsoft Office immediately, especially if they commonly receive attachments, because these updates fix remote code execution bugs in Word and Excel that can be triggered via the preview pane or by opening malicious documents.
Technical Mitigations AI-generated
* Use up-to-date versions of Microsoft Office and other software to ensure you have the latest security patches.
* Regularly update your operating system, browser, and mobile devices with the latest security updates from reputable sources.
* Implement a patch management strategy to identify and apply all available security fixes for your systems and applications in a timely manner.
* Use antivirus software and keep it up-to-date to protect against malware and other threats.
* Consider using a web application firewall (WAF) or intrusion detection system (IDS) to enhance network security.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-32201
CVE-2026-33825
CVE-2026-33824
Target & Sectors
Global Scope
Incident Timeline
2026/04/14
Microsoft published a higher-than-usual list of fixes for CVEs as part of its monthly Patch Tuesday update on April 13.
organisation
Microsoft
Microsoft published a higher-than-usual list of fixes for CVEs as part of its monthly Patch Tuesday update round yesterday, including two zero-day vulnerabilities.
2026/04/15
Threat actors exploited a zero-day vulnerability in the Windows operating system to gain unauthorized access.
2026/04/15
Threat actors exploited a zero-day vulnerability in Microsoft Office, specifically in Word and Excel, to gain unauthorized access.
infrastructure
Microsoft Office
The vulnerability tracked as CVE-2026-32201 (CVSS score 6.5 out of 10) is an improper input validation issue in Microsoft Office SharePoint that allows an unauthorized attacker to perform spoofing over a network.
In addition, BleepingComputer warns: “Microsoft has also fixed multiple remote code execution bugs in Microsoft Office (Word and Excel) that can be executed via the preview pane or by opening malicious documents. Therefore, users should prioritize updating Microsoft Office as soon as possible, especially if they commonly receive attachments.”
How to apply fixes and check if you’re protected
These updates fix security problems and keep your Windows PC protected.
organisation
SharePoint
It is described as a server spoofing vulnerability in SharePoint whereby improper input validation allows an unauthorized attacker to perform spoofing over a network.
In simple terms, it could be used to spread false information in a trusted SharePoint environment.
infrastructure
Windows
With a CVSS score of 9.8, the remote code execution flaw is the most dangerous on paper this month and impacts the Windows Internet Key Exchange (IKE) service.
Open Settings
Click the Start button (the Windows logo at the bottom left of your screen).
Windows will search for the latest Patch Tuesday updates.
5. Double-check you’re up to date
After restarting, go back to Windows Update and check again.
organisation
CVSS
The second zero-day this month, tracked as CVE-2026-33825 with a CVSS score of 7.8 out of 10, is an elevation of privilege (EoP) vulnerability in Microsoft Defender’s anti-malware platform.
organisation
Microsoft Defender
CVE-2026-33825 is an elevation of privilege (EoP) vulnerability in Microsoft Defender that could enable a threat actor to gain system-level access.
organisation
Microsoft
Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.”
organisation
Restart
In which case you may see a Restart required message.
organisation
Install
4. Download and Install
If updates are found, they’ll start downloading automatically.
organisation
Microsoft Fixes
Microsoft Fixes Two Zero-Days in April Patch Tuesday.
organisation
CVE
Jack Bicer, director of vulnerability research at Action1, warned that the CVE could be chained with others in real-world attacks.
organisation
EoP Bugs Dominate
EoP Bugs Dominate April
organisation
EoP
In fact, EoP vulnerabilities are by far the largest category of CVEs this month, amounting to 93 flaws.
organisation
IKEv2
Threat actors could exploit the vulnerability remotely by sending specially crafted network packets, with internet-facing IKEv2 systems particularly at risk, he said.
organisation
IPsec
“This issue poses a serious threat to enterprise environments, especially those relying on VPN or IPsec for secure communications,” Walters continued.
Intelligence Sources
Malwarebytes, 2026-04-15
Infosecurity-Magazine, 2026-04-15: Microsoft Fixes Two Zero-Days in April Patch Tuesday
Incident Version History
CURRENT VERSION
Last Updated: 2026-06-15T10:17
Comprehensive Tactical Telemetry
Highly Correlated Entities
Count | Type | Field | Value | Category
20x | organisation | Identified Entity | SharePoint | entity
6x | tactic | Cyber Operation Type | Spoofing | tactic
3x | vulnerability | Exploited CVE | CVE-2026-32201 | cve
3x | vulnerability | CVSS Score | 10 | score
2x | timeline | Temporal Reference | 2026/04/14 | date
2x | infrastructure | Affected Product | Windows | software
Contextual Telemetry
Context Block
6 METRICS
Type | Metric | Value | Category
general metric | Information Disclosure | 21 | information disclosure
general metric | Remote Code Execution | 20 | remote code execution
general metric | Feature Bypass | 13 | feature bypass
general metric | Flaws | 93 | flaws
infrastructure | Download | 4 | download
general metric | Security Vulnerabilities | 167 | security vulnerabilities