Microsoft Patch Tuesday: April 2026

On 14 April 2026, Microsoft released its April 2026 security update, addressing 165 newly disclosed vulnerabilities. Among these, Arctic Wolf has highlighted two vulnerabilities in this security bulletin.

Vulnerabilities

Vulnerability

CVSS

Description

Exploited?

CVE-2026-32201

6.5

Microsoft SharePoint Server Spoofing Vulnerability – Allows an unauthorized threat actor to perform spoofing over a network due to improper input validation. This vulnerability could allow a threat actor to view or modify sensitive information.

· No details about the exploitation of this vulnerability have been disclosed.

Yes

CVE-2026-33824

9.8

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability – An unauthenticated threat actor can achieve remote code execution by sending specially crafted packets to a Windows machine with IKE version 2 enabled. This issue stems from a double-free vulnerability in the Windows IKE extension.

Recommendation

Upgrade to Latest Fixed Versions

Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.

Affected Product	Vulnerability	Update Article
Windows Server 2025	CVE-2026-33824	5082063
Windows Server 2022, 23H2 Edition	CVE-2026-33824	5082060
Windows Server 2022	CVE-2026-33824	5082142
Windows Server 2019	CVE-2026-33824	5082123
Windows Server 2016	CVE-2026-33824	5082198
Windows 11 version 26H1 for x64, and ARM64-based Systems	CVE-2026-33824	5083768
Windows 11 Version 25H2 for x64, and ARM64-based Systems	CVE-2026-33824	5083769
Windows 11 Version 24H2 for x64, and ARM64-based Systems	CVE-2026-33824	5082063
Windows 11 Version 23H2 for x64, and ARM64-based Systems	CVE-2026-33824	5082052
Windows 10 Version 22H2 for 32-bit, x64, and ARM64-based Systems	CVE-2026-33824	5082200
Windows 10 Version 21H2 for x64, and ARM64-based Systems	CVE-2026-33824	5082200
Windows 10 Version 1809 for 32-bit, and x64-based Systems	CVE-2026-33824	5082123
Windows 10 Version 1607 for 32-bit, and x64-based Systems	CVE-2026-33824	5082198
Microsoft SharePoint Server Subscription Edition	CVE-2026-32201	5002853
Microsoft SharePoint Server 2019	CVE-2026-32201	5002854
Microsoft SharePoint Enterprise Server 2016	CVE-2026-32201	5002861

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.

References

Microsoft Patch Tuesday (April 2026)
- CVE-2026-32201
- CVE-2026-33824

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

Microsoft Patch Tuesday: April 2026

CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

Company

Careers

Press

Microsoft Patch Tuesday: April 2026

Recommendation

Upgrade to Latest Fixed Versions

References

Popular Topics

Share this post:

What to read next

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Customer Portal Policy

Accessibility Statement

Sustainability Statement

Information Security

Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

Microsoft Patch Tuesday: April 2026

CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

Company

Careers

Press

Microsoft Patch Tuesday: April 2026

Recommendation

Upgrade to Latest Fixed Versions

References

Popular Topics

Share this post:

What to read next

2 min read

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

4 min read

Supply Chain Attack Impacts Widely Used Axios npm Package

2 min read

CVE-2025-53521: F5 BIG-IP APM Vulnerability Reclassified as Unauthenticated RCE and Exploited in the Wild

4 min read

Microsoft Patch Tuesday: March 2026

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1 6EF UK

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK