Summary
On April 15, 2026 (UTC+8), Microsoft released its April 2026 Security Updates, which included patches for a total of 247 CVEs, an increase of 154 CVEs compared to the previous month.
By severity, 10 vulnerabilities were marked as "Critical" and 187 as "Important/High". By type, the largest groups were 62 remote code execution vulnerabilities, 93 elevation of privilege vulnerabilities, and 25 information disclosure vulnerabilities.
Statistics
Vulnerability Trend

Figure 1 Vulnerabilities Patched by Microsoft in the Last 12 Months
- On the whole, Microsoft released 247 patches in April 2026, including 10 critical vulnerability patches.
- Based on Microsoft's historical vulnerability disclosures and the specific circumstances of this year, Sangfor FarSight Labs estimates that Microsoft will announce fewer vulnerabilities in the coming May in comparison to April. We expect a figure of approximately 100 vulnerabilities.
Comparison of Vulnerability Trends
The following figure shows the number of patches released by Microsoft in the month of April from 2023 to 2026.

Figure 2 Number of Windows Patches Released by Microsoft in April from 2023 to 2026
The following figure shows the trend and number of vulnerabilities at different severity levels addressed by Microsoft in April from 2023 to 2026.

Figure 3 Number of Vulnerabilities by Severity Level Addressed by Microsoft in April from 2023 to 2026
The following figure shows the number of vulnerabilities by type addressed by Microsoft in April from 2023 to 2026.

Figure 4 Number of Vulnerabilities by Type Addressed by Microsoft in April from 2023 to 2026
Data source: Microsoft security updates
- Compared to last year, the number of vulnerabilities addressed by Microsoft in April has increased. A total of 247 vulnerability patches, including 10 critical ones, have been reported this month.
- Compared to last year, the number of vulnerabilities at the Critical level addressed by Microsoft has decreased, and that of vulnerabilities at the Important/High level has increased. Specifically, 10 vulnerabilities at the Critical level have been addressed, a decrease of about 9%; and 187 vulnerabilities at the Important/High level have been addressed, an increase of about 67%.
- In terms of the vulnerability type, the number of remote code execution (RCE) vulnerabilities has increased, the number of denial-of-service (DoS) vulnerabilities has decreased, and the number of elevation of privilege (EoP) vulnerabilities has increased. We should remain highly vigilant because attackers can combine RCE vulnerabilities with social engineering techniques to take over the entire local area network (LAN) and launch attacks.
Details of Key Vulnerabilities
Analysis
Microsoft SharePoint Server Spoofing Vulnerability (CVE-2026-32201)
Microsoft SharePoint Server is an enterprise-level collaboration and content management platform developed by Microsoft. It provides core services such as document management, collaboration sites, search services, workflows, and permission management for enterprises. It is widely used in various enterprise portals, document centers, and business process platforms, and is responsible for processing unstructured and structured content and ensuring collaboration efficiency and access security.
SharePoint Server contains a spoofing vulnerability that attackers can exploit to carry out spoofing attacks over the network and lure users into accessing malicious sites or disclosing sensitive information. After assessment, this vulnerability has been confirmed to be exploited in actual attacks, which poses a significant threat. We recommend that users promptly install the Microsoft security patches.
Microsoft Defender Elevation of Privilege Vulnerability (CVE-2026-33825)
Microsoft Defender is an endpoint security protection system developed by Microsoft. It provides enterprises with core security services such as malware protection, real-time detection, vulnerability management, attack surface reduction, and permission management. Microsoft Defender is widely used in various Windows business systems, servers, and cloud workloads, and is responsible for detecting and blocking threats and ensuring system integrity and access security.
Microsoft Defender contains an elevation of privilege vulnerability that attackers can exploit to gain higher privileges on the target system. After assessment, the threat level of this vulnerability is considered critical. We recommend that users promptly install the Microsoft security patches.
Affected Versions
| Vulnerability Name & CVE ID | Affected Version |
| --- | --- |
| Microsoft SharePoint Server Spoofing Vulnerability (CVE-2026-32201) | Microsoft SharePoint Server Subscription Edition; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2016 |
| Microsoft Defender Elevation of Privilege Vulnerability (CVE-2026-33825) | Microsoft Defender Antimalware Platform |
Solutions
Official Solution
Microsoft has released security patches for affected software. Affected users can install the corresponding security patches based on their system versions.
Download links:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825
References
https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr
Timeline
On April 15, 2026, Microsoft released a security bulletin.
On April 15, 2026, Sangfor FarSight Labs released a vulnerability alert.
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.