April 2026 Patch Tuesday: Record Number of Fixes Including Actively Exploited Zero-Days

Introduction
Microsoft's April 2026 Patch Tuesday delivered an unprecedented wave of security updates, addressing a staggering 167 vulnerabilities across Windows and related software. Among the most critical fixes are a zero-day in SharePoint Server already under active attack and a publicly exploited privilege escalation flaw in Windows Defender known as BlueHammer. Additionally, Google Chrome patched its fourth zero-day of the year, and Adobe released an emergency update for Reader to close an actively exploited remote code execution hole. This article breaks down the key updates and what IT teams need to prioritize.

Critical SharePoint Zero-Day Under Active Attack
Microsoft warns that attackers are already weaponizing CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows spoofing of trusted content or interfaces over a network. The flaw enables malicious actors to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments. Mike Walters, president and co-founder of Action1, emphasized the serious risks: “This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise. The presence of active exploitation significantly increases organizational risk.” Organizations running SharePoint should apply this update immediately.

Windows Defender BlueHammer Flaw Addressed
Microsoft also closed CVE-2026-33825, a privilege escalation vulnerability in Windows Defender, dubbed BlueHammer. According to BleepingComputer, the researcher who discovered the bug published exploit code after becoming frustrated with Microsoft's response time. Will Dormann, senior principal vulnerability analyst at Tharros, confirmed that after installing today's patches, the public BlueHammer exploit code no longer works. This highlights the importance of timely patching, including for built-in security tools.

Adobe Reader Emergency Patch for Exploited Vulnerability
On April 11, Adobe released an emergency update for Reader to fix CVE-2026-34621, a critical flaw that could lead to remote code execution. Satnam Narang, senior staff research engineer at Tenable, noted that there are indications this vulnerability has been actively exploited since at least November 2025. Users of Adobe Reader should ensure they are running the latest version to block ongoing attacks.

Browsers and the Rising Tide of Vulnerabilities
Adam Barnett, lead software engineer at Rapid7, described the patch total as “a new record in that category,” largely driven by nearly 60 browser vulnerabilities. The spike may be linked to the buzz around Project Glasswing, an unreleased AI capability from Anthropic reportedly adept at finding software bugs. However, Barnett pointed out that Microsoft Edge is built on the Chromium engine, and many of the vulnerabilities came from Chromium maintainers who acknowledged a wide range of researchers. “A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extends further, both in terms of capability and availability.”
Meanwhile, Google Chrome fixed its fourth zero-day of 2026 in a separate update. Regardless of which browser you use, it is crucial to completely close and restart the browser after applying patches to ensure the fixes take effect.

Final Recommendations
- Apply Microsoft patches immediately — especially for SharePoint (CVE-2026-32201) and Windows Defender (CVE-2026-33825).
- Update Adobe Reader to the latest version to mitigate the actively exploited CVE-2026-34621.
- Restart your browser after updating to ensure Chrome or Edge patches are fully loaded.
- Stay vigilant — the growing number of vulnerabilities attributed to AI-assisted discovery means patch cycles may accelerate. Plan your update schedules accordingly.