Today is the monthly 'Windows Update' day, which also addresses zero-day vulnerabilities that have already been exploited.
The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released. The update released on April 15, 2026 (Japan time) includes seven updates rated as 'Critical' and seven updates rated as 'Important'.
April 2026 Security Updates (Monthly)
https://www.microsoft.com/en-us/msrc/blog/2026/04/202604-security-update
Microsoft has released its April 2026 monthly security updates. These updates will be automatically applied by default. For organizations managing updates, we have published an overview on our blog. Please refer to it and deploy the updates as soon as possible. https://t.co/aQX5fcIcAj #security #updates #microsoft pic.twitter.com/sGVYWgfYRx
— Microsoft Security Team (@JSECTEAM) April 14, 2026
The following is a list of security updates for April 2026.
| Target Products | maximum severity | The biggest impact | Related support articles or support web pages |
|---|---|---|---|
| Windows 11 v26H1, v25H2, v24H2, v23H2 | emergency | Remote code execution is possible. | v26H1 5083768 v25H2, v24H2 5083769 v23H2 5082052 |
| Windows Server 2025 (including Server Core installation) | emergency | Remote code execution is possible. | 5082063 |
| Windows Server 2022, 23H2 (including Server Core installation) | emergency | Remote code execution is possible. | Windows Server 2022, 5082142 Windows Server 23H2, 5082060 |
| Windows Server 2019, 2016 (including Server Core installation) | emergency | Remote code execution is possible. | Windows Server 2019, 5082123 Windows Server 2016, 5082198 |
| Remote Desktop Clients and Related Services | emergency | Remote code execution is possible. | https://learn.microsoft.com/troubleshoot/windows-server/remote/remote-desktop-services-overview |
| Microsoft Office | emergency | Remote code execution is possible. | https://learn.microsoft.com/officeupdates |
| Microsoft SharePoint | important | impersonation | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft .NET and .NET Framework | emergency | Denial of Service | https://learn.microsoft.com/dotnet |
| Microsoft Visual Studio | important | Information leak | https://learn.microsoft.com/visualstudio |
| Microsoft Dynamics 365 | important | Information leak | https://learn.microsoft.com/dynamics365 |
| Microsoft SQL Server | important | Remote code execution is possible. | https://learn.microsoft.com/sql |
| Microsoft Azure | important | Elevation of privileges | https://learn.microsoft.com/azure |
| Microsoft Defender Antimalware Platform | important | Elevation of privileges | https://learn.microsoft.com/defender |
| PowerShell | important | Security feature bypass | https://learn.microsoft.com/powershell |
Of the vulnerabilities fixed by the update, the 'Microsoft Defender Privilege Escalation Vulnerability ( CVE-2026-33825 )' had its details made publicly available before the update was released, and users are advised to apply the update as soon as possible.
Furthermore, it has been confirmed that the 'Microsoft SharePoint Server impersonation vulnerability ( CVE-2026-32201 )' has already been exploited. It seems best to update as soon as possible.
Windows Update is released on the second Tuesday of every month in US time, and the next update is scheduled for release on Wednesday, May 13, 2026, Japan time.
Related Posts:
in Security, Posted by log1d_ts