Microsoft SharePoint Zero-Day Vulnerability Patch
2026-04-15 08:40 | CRITICAL | HIGH
Executive Summary (AI-generated)
The latest incident data covers a large set of vulnerabilities that have been exploited in various systems and applications, with context on the severity of each flaw: privilege escalation, information disclosure, remote code execution, security feature bypass, spoofing, and denial of service. The metrics indicate the scope of these vulnerabilities: 93 are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities. These findings highlight a concerning trend, with exploitation on the rise and accounting for nearly half of all CVEs patched in April alone. The Patch Tuesday cycle has seen a significant drop in remote code execution (RCE) vulnerabilities, but information disclosure remains a persistent threat.
Technical Mitigations (AI-generated)
* Implement secure input validation and sanitization practices to prevent spoofing vulnerabilities, such as the one affecting Microsoft SharePoint Server (CVE-2026-32201).
* Regularly update and patch operating systems, browsers, and other software applications to ensure they have the latest security patches.
* Use secure coding practices, such as following established coding standards and guidelines, to reduce the risk of remote code execution vulnerabilities like CVE-2026-33824 (Windows Internet Key Exchange Service Extensions).
* Monitor network traffic for suspicious activity and implement measures to detect and respond to potential attacks, such as using intrusion detection systems or firewalls.
* Educate users about the importance of keeping software up-to-date and patched, and provide regular security awareness training to help prevent exploitation of known vulnerabilities.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-32201
CVE-2023-20585
CVE-2026-21637
CVE-2026-33825
CVE-2026-33824
CVE-2026-32631
CVE-2026-25250
CVE-2026-33827
Target & Sectors
NORTH_AMERICA
Incident Timeline
October 2025
Threat actors exploited a spoofing vulnerability in Microsoft Office SharePoint Server.
general_metric
183 massive security flaws
The release makes it the second biggest Patch Tuesday ever, a little below the record set in October 2025, when Microsoft addressed a massive 183 security flaws.
organisation
Microsoft SharePoint
The vulnerability that has come under active exploitation is CVE-2026-32201 (CVSS score: 6.5), a spoofing vulnerability impacting Microsoft SharePoint Server.
infrastructure
Microsoft Office
"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network," Microsoft said in an advisory.
data_breach
57% (record)
"Not only that, but elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April, while remote code execution (RCE) vulnerabilities have dropped to just 12%, tied with information disclosure vulnerabilities this month."
2026/03/16
Microsoft released updates for its Edge browser, addressing 78 vulnerabilities.
organisation
Chromium
The updates are in addition to 78 vulnerabilities that have been addressed in its Chromium-based Edge browser since the update that was released last month.
April 2026
Microsoft released security patches for its SharePoint platform.
organisation
Microsoft Patch
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day.
general_metric
165 fixed vulnerabilities
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day.
2026/04/15
Microsoft released updates to address 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
organisation
CVE-2026-32201
CVE-2026-32201 (CVSS score of 6.5) is a spoofing vulnerability in Microsoft SharePoint Server, likely related to cross-site scripting (XSS).
infrastructure
Microsoft Office
“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” reads the advisory.
organisation
CVE-2026-33827
CVE-2026-33827 (CVSS score: 8.1) – Windows TCP/IP Remote Code Execution Vulnerability
This flaw enables remote, unauthenticated attackers to execute code without user interaction, making it potentially wormable on systems with IPv6 and IPSec enabled.
infrastructure
Windows
CVE-2026-33827 (CVSS score: 8.1) – Windows TCP/IP Remote Code Execution Vulnerability
This flaw enables remote, unauthenticated attackers to execute code without user interaction, making it potentially wormable on systems with IPv6 and IPSec enabled.
CVE-2026-33824 (CVSS score: 9.8) – Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
This critical flaw in Windows IKE service extensions could allow remote attackers to execute code on affected systems.
Also included among the 169 flaws are four non-Microsoft issued CVEs impacting AMD (CVE-2023-20585), Node.js (CVE-2026-21637), Windows Secure Boot (CVE-2026-25250), and Git for Windows (CVE-2026-32631).
organisation
CVE
Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count.
organisation
Critical
Eight of these flaws are rated Critical, two are rated as Moderate, and the rest are rated Important in severity.
organisation
Microsoft
Microsoft has not disclosed how widespread exploitation is, but given the potential impact, organizations, especially those with internet-facing SharePoint servers, should prioritize testing and applying the patch quickly.
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities.
organisation
IKE
Systems with IKE enabled are at risk, though blocking UDP ports 500 and 4500 can reduce exposure from external threats.
organisation
SecurityAffairs
Pierluigi Paganini (SecurityAffairs – hacking, Microsoft Patch Tuesday)
organisation
Important
Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity.
data_breach
169 record security flaws
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
April 28, 2026
Microsoft released security patches for CVE-2026-33825 and other vulnerabilities.
infrastructure
7.8
Another vulnerability of note is a privilege escalation flaw in Microsoft Defender (CVE-2026-33825, CVSS score: 7.8), which has been flagged as publicly known at the time of release.
infrastructure
Windows
One of the most severe vulnerabilities is a case of remote code execution impacting the Windows Internet Key Exchange (IKE) Service Extensions.
"Exploitation requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, which could enable remote code execution," Adam Barnett, lead software engineer at Rapid7, said in a statement.
"Vulnerabilities leading to unauthenticated RCE against modern Windows assets are relatively rare, or we’d see more wormable vulnerabilities self-propagating across the internet."
organisation
IPSec
Walters noted that the security flaw poses a serious threat to enterprise environments, particularly those relying on VPN or IPsec for secure communications.
organisation
IKEv2
"Internet-facing systems running IKEv2 services are particularly at risk, and delaying patch deployment increases exposure to potential widespread attacks."
April 28
Threat actors exploited CVE-2026-32201 to target the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
attribution
CVE-2026-32201
The active exploitation of CVE-2026-32201 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the shortcoming by April 28, 2026.
tactic
T1588.006 - Vulnerabilities
Tactical Metrics
Metrics
infrastructure
Microsoft Office
Affected Product
“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” reads the advisory.
Metrics
infrastructure
Windows
Affected Product
Metrics
infrastructure
7.8
Software Version
Metrics
data_breach
57
Record %
Metrics
data_breach
169
Record Security Flaws
Intelligence Sources
Security Affairs
2026-04-15
The Hacker News
2026-04-15
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T06:23
Comprehensive Tactical Telemetry
Highly Correlated Entities
29x organisation - Identified Entity: CVE-2026-32201 (entity)
8x vulnerability - Exploited CVE: CVE-2026-32201 (cve)
6x timeline - Temporal Reference: April 2026 (date)
6x attribution - Attributing Entity: CVE-2026-32201 (authority)
4x tactic - Cyber Operation Type: Spoofing (tactic)
2x vulnerability - CVSS Score: 6 (score)
2x tactic - MITRE ATT&CK Technique: T1584.004 - Server (technique)
2x infrastructure - Affected Product: Microsoft Office (software)
2x general metric - Vulnerabilities: 78 (vulnerabilities)
Contextual Telemetry
Context Block (16 metrics)
target region - Target Country: United States
general metric - Score: 8
general metric - CVSS Score: 8
general metric - Vulnerability Critical Flaw: 10
general metric - Fixed Vulnerabilities: 165
general metric - UDP Ports: 500
general metric - Information Disclosure: 21
general metric - Security Feature Bypass: 14
general metric - Spoofing: 10
infrastructure - Software Version: 7.8
general metric - Flaws: 169
data breach - Record %: 57
general metric - %: 12
general metric - Other New Vulnerabilities: 168
general metric - Massive Security Flaws: 183
data breach - Record Security Flaws: 169