Microsoft’s April 2026 Patch Tuesday Updates Fix 8 Critical Vulnerabilities

Microsoft’s latest Patch Tuesday delivers critical security fixes and subtle Windows 11 improvements.

Windows update hero image

Key Takeaways:

  • Microsoft fixes a large batch of security flaws across core Microsoft services.
  • Microsoft introduces targeted Windows 11 improvements, but quietly enhances security protections in key areas.
  • Microsoft highlights the urgency of patching while reminding organizations to test updates carefully before full deployment.

Microsoft has just released the April 2026 Patch Tuesday updates for all supported versions of Windows 11. This month, Microsoft fixed 163 new vulnerabilities in Windows, Office, Microsoft Edge, Azure, Hyper-V Server, BitLocker, and the Windows Wallet Service.

On the quality and experience updates front, Microsoft released a new patch that brings several new features for all users running Windows 11 versions 25H2 and 24H2. These updates follow the release of two emergency updates last month, which address Microsoft account sign-in issues in apps.

163 vulnerabilities fixed in the April 2026 Patch Tuesday updates

Among the 163 security vulnerabilities addressed with the April 2026 Patch Tuesday updates, 8 are rated Critical, two are Moderate, and the rest are rated Important in severity. Here are the most important patches you should know about this month:

  • CVE-2026-32201: This is a Microsoft SharePoint Server Spoofing vulnerability that allows hackers to access sensitive information. It could be exploited by attackers to spoof trusted content and enterprises over an enterprise network.
  • CVE-2026-33825: This is a local privilege‑escalation vulnerability in Microsoft Defender. It’s caused by overly permissive access controls, which allow a logged‑in user with low privileges to gain full SYSTEM‑level access on a Windows machine.
  • CVE-2026-33824: This is a critical remote code execution vulnerability in the Windows Internet Key Exchange (IKE) Service Extensions. It’s caused by a memory management error known as a double‑free. An unauthenticated attacker can exploit this flaw over the network by sending specially crafted traffic to IKE ports, which allows full system compromise without user interaction.
  • CVE-2026-33827: This is a critical remote code execution vulnerability in the Windows TCP/IP stack, which is triggered by a race condition that arises due to improper synchronization when handling shared resources in the networking code.
  • CVE‑2026‑33114: This is a high‑severity local code execution vulnerability in Microsoft Word caused by an untrusted pointer dereference. It allows an attacker to run arbitrary code if a malicious document is processed on a vulnerable Office installation.
  • CVE‑2026‑33115: This is a similar high‑severity Microsoft Word vulnerability, but it stems from a use‑after‑free memory flaw. It can also lead to local code execution when crafted content is handled, which impacts Windows and macOS Office versions.
  • CVE-2026-27906: This is a Windows Hello security feature bypass vulnerability caused by improper input validation, which allows an authorized attacker with high local privileges to bypass certain Windows Hello authentication protections on a system.

Quality and experience updates

Microsoft has released the KB5083769 update for Windows 11 versions 25H2 and 24H2. These include narrator improvements, Smart App Control improvements, File Explorer improvements, display improvements, new Pen settings, and Windows Recovery Environment improvements.

Additionally, Microsoft notes that 64 apps on ARM64 devices should now run more smoothly when using Windows RE. This update also protects customers against phishing attacks that use Remote Desktop (.rdp) files by showing all requested connection settings before proceeding.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system or files and folders on a granular basis.