Microsoft released software updates today, addressing 167 security vulnerabilities across Windows operating systems and related software. This included a SharePoint Server zero-day and a publicly known flaw in Windows Defender, "BlueHammer." Google Chrome also patched its fourth zero-day of 2026. An Adobe Reader emergency update fixed an actively exploited flaw.

Redmond warned that attackers target CVE-2026-32201, a flaw in Microsoft SharePoint Server. This vulnerability allows spoofing of trusted content or interfaces across a network. Mike Walters, president and co-founder of Action1, stated CVE-2026-32201 can deceive employees, partners, or customers. Attackers present falsified information within SharePoint environments. "This CVE enables phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise," Walters said. He added that active exploitation significantly increases organizational risk.

Microsoft also fixed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. BleepingComputer reported the researcher who found the flaw published its exploit code. This happened after notifying Microsoft and becoming frustrated with the company's response. Will Dormann, a senior principal vulnerability analyst at Tharros, confirmed the public BlueHammer exploit code no longer works. This was after installing today's patches.

Satnam Narang, a senior staff research engineer at Tenable, called April the second-biggest Patch Tuesday for Microsoft. Narang noted indications that a zero-day flaw Adobe patched in an April 11 emergency update, CVE-2026-34621, has been actively exploited since at least November 2025.

Adam Barnett, lead software engineer at Rapid7, described today's Microsoft patch total as "a new record in that category." It includes nearly 60 browser vulnerabilities. Barnett suggested this sudden spike might link to Project Glasswing, announced a week ago. Project Glasswing is an unreleased Anthropic AI capability, reportedly effective at finding software bugs.

But Microsoft Edge uses the Chromium engine. Chromium maintainers acknowledge many researchers for vulnerabilities Microsoft republished last Friday. "This increase in volume is driven by ever-expanding AI capabilities," Barnett said. "We should expect further increases in vulnerability reporting as AI models extend their impact, both in capability and availability."

Users should completely close and restart their web browsers periodically. Many users delay this, especially with numerous open tabs. But it is the only way to ensure updates install. For example, a Google Chrome update earlier this month fixed 21 security holes. This included the high-severity zero-day flaw CVE-2026-5281.

For a detailed, per-patch breakdown, consult the SANS Internet Storm Center Patch Tuesday roundup.