Microsoft's massive Patch Tuesday: It's raining bugs
(2026/04/14)
- Reference: 1776199228
- News link: https://www.theregister.co.uk/2026/04/14/microsofts_massive_patch_tuesday/
Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.
The monthly patch party included a whopping [1]165 new Microsoft CVEs.
And the bug under active exploitation, [2]CVE-2026-32201, is due to improper input validation in SharePoint that allows an unauthorized attacker to perform spoofing over a network. This could allow someone to view sensitive information and make changes to disclosed information.
"By exploiting this flaw, an attacker can manipulate how information is presented to users, potentially tricking them into trusting malicious content," Mike Walters, president and cofounder of patch management provider Action1, told us, adding that this bug can be abused in phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise.
"The flaw lets attackers fake trust at scale: what looks legitimate may actually be a carefully crafted deception," Walters said. "It can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments."
Redmond did not provide any details about how this security hole is being abused in the wild - nor who disclosed it.
Maybe [7]Mythos, or another [8]bug-hunting AI? The Register asked Microsoft to provide additional information, and here's what we received: "Each year, MSRC processes thousands of vulnerability reports from Microsoft and external researchers, so the number addressed in any given Update Tuesday can vary. Today’s release does not reflect a significant increase in AI‑driven discoveries, though we did credit one vulnerability to an Anthropic researcher using Claude."
As Zero Day Initiative chief vuln finder [9]Dustin Childs noted in his monthly PT writeup, this is - by his count - Microsoft's second-largest monthly CVE release ever.
"There are many things we could speculate on to justify the size, but if Microsoft is like the other programs out there (including ours), they are likely seeing a rise in submissions found by AI tools," Childs wrote.
[10]Anthropic: All your zero-days are belong to Mythos
[11]AI has gotten good at finding bugs, not so good at swatting them
[12]Azure issues not adequately fixed for months, complain bug hunters
[13]Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
While CVE-2026-32201 is the only bug out of the 165 new CVEs listed as under active exploitation - at the time of release, anyway - another bug is publicly known.
This one, tracked as [14]CVE-2026-33825, is an elevation of privilege flaw in Microsoft Defender. While Microsoft doesn't mention this in its advisory, other security shops pointed out that the [15]Defender bug matches [16]exploit code called BlueHammer, published on GitHub earlier this month by a disgruntled researcher calling themselves "Chaotic Eclipse."
It seems they were none too happy with Microsoft's disclosure process. "I never wanted to reopen a blog and a new github account to drop code... But someone violated our agreement and left me homeless with nothin…," Chaotic Eclipse [18]wrote on April 2.
They [19]aren't the first to [20]criticize [21]Redmond's bug reporting process and [22]response to researchers.
"I won't add on to the commentary from the researcher about working with Microsoft," Childs wrote. "I'm just glad they are offering a fix for the vulnerability. If you rely on Defender, test and deploy this one quickly." ®
[1] https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr
[2] https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-32201
[7] https://www.theregister.com/2026/04/07/anthropic_all_your_zerodays_are_belong_to_us/
[8] https://www.theregister.com/2026/02/24/ai_finding_bugs/
[9] https://www.zerodayinitiative.com/blog/2026/4/14/the-april-2026-security-update-review
[10] https://www.theregister.com/2026/04/07/anthropic_all_your_zerodays_are_belong_to_us/
[11] https://www.theregister.com/2026/02/24/ai_finding_bugs/
[12] https://www.theregister.com/2022/06/14/security_azure_patch/
[13] https://www.theregister.com/2026/04/13/ransomware_gang_other_crims_attacking/
[14] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33825
[15] https://www.tenable.com/blog/microsofts-april-2026-patch-tuesday-addresses-163-cves-cve-2026-32201
[16] https://www.cyderes.com/howler-cell/windows-zero-day-bluehammer
[18] https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html
[19] https://www.theregister.com/2024/06/05/tenable_azure_flaw/
[20] https://www.theregister.com/2022/06/14/security_azure_patch/
[21] https://www.theregister.com/2023/08/03/microsoft_teams_cozy_bear/
[22] https://www.theregister.com/2025/10/24/m365_copilot_mermaid_indirect_prompt_injection/