April 2026 Patch Tuesday: Record Number of Fixes Includes Active Exploits

From Darhost, the free encyclopedia of technology

Microsoft's latest Patch Tuesday, released in April 2026, delivers a massive security update addressing 167 vulnerabilities across Windows and related software. Among the critical fixes are a zero-day flaw in SharePoint Server already under active attack, and a publicly disclosed privilege escalation bug in Windows Defender code-named BlueHammer. Meanwhile, Google Chrome patched its fourth zero-day of the year, and Adobe issued an emergency update for Reader to close a remotely exploitable vulnerability.

Record-Breaking Patch Count and Active Threats

This month's update sets a new benchmark for Microsoft, with nearly 60 vulnerabilities in the browser category alone, an unprecedented spike. According to Adam Barnett, lead software engineer at Rapid7, the sheer volume—especially the browser-related fixes—represents a new record. Many of these vulnerabilities were originally reported to the Chromium project and republished by Microsoft last Friday.

Source: krebsonsecurity.com

SharePoint Server Zero-Day (CVE-2026-32201)

Microsoft warns that attackers are actively exploiting CVE-2026-32201, a spoofing vulnerability in SharePoint Server that allows malicious actors to impersonate trusted content or interfaces over a network. Mike Walters, president and co-founder of Action1, explains that this flaw can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments. "This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise," Walters said. "The presence of active exploitation significantly increases organizational risk." Organizations using SharePoint should apply the patch immediately.

BlueHammer: Windows Defender Privilege Escalation (CVE-2026-33825)

Also addressed is BlueHammer (CVE-2026-33825), a privilege escalation vulnerability in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code after growing frustrated with Microsoft's response. Will Dormann, senior principal vulnerability analyst at Tharros, confirmed that the public BlueHammer exploit code no longer works after installing today's patches. The fix effectively neutralizes the publicly available exploit, but the incident highlights ongoing tensions in responsible disclosure.

Browser and Third-Party Updates

Google Chrome Fixes Fourth Zero-Day of 2026

Google released a security update for Chrome that addresses its fourth zero-day vulnerability of the year. While details remain sparse, the update is considered critical and users are urged to restart their browsers to apply the fix. As with many browser vulnerabilities, the flaw could allow remote code execution or information disclosure.

Adobe Reader Emergency Patch

On April 11, Adobe issued an emergency update for Reader, fixing CVE-2026-34621, an actively exploited vulnerability that can lead to remote code execution. Satnam Narang, senior staff research engineer at Tenable, noted that there are indications this flaw has been exploited since at least November 2025. The severity of the flaw underscores the importance of keeping PDF readers up to date.

Analysis: AI's Growing Role in Vulnerability Discovery

The sharp increase in browser-related vulnerabilities has led some to speculate about the influence of artificial intelligence in bug hunting. Adam Barnett cautioned that it might be tempting to attribute the spike to recent hype around Project Glasswing—a rumored AI capability from Anthropic said to excel at finding software flaws. However, he emphasized that the majority of these vulnerabilities were already known to the Chromium project and republished by Microsoft. "A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities," Barnett said. "We should expect to see further increases in vulnerability reporting volume as the impact of AI models extends further, both in terms of capability and availability."

Regardless of the browser you use, it is critical to completely close and restart the browser after applying updates to ensure patches take effect. The April 2026 Patch Tuesday reinforces the need for rapid patch management and vigilance against a rising tide of exploits.