Visualização normal

Antes de ontemStream principal

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

✇Security Affairs
Por:Pierluigi Paganini
15 de Abril de 2026, 11:03

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability 

The first vulnerability added, tracked as CVE-2009-0238 (CVSS score of 9.3), affects multiple versions of Microsoft Excel and related viewers. It is triggered when a user opens a specially crafted Excel file that causes the application to access an invalid object in memory. This leads to memory corruption, allowing a remote attacker to execute arbitrary code on the affected system with the privileges of the user.

The vulnerability was actively exploited in the wild in February 2009, notably by the Trojan.Mdropper.AC malware, making it a significant real-world threat at the time.

The second flaw added to the catalog, tracked as CVE-2026-32201, is a critical SharePoint zero-day actively exploited in attacks in the wild, as reported by Microsoft.

CVE-2026-32201 (CVSS score of 6.5) is a spoofing vulnerability in Microsoft SharePoint Server, likely related to cross-site scripting (XSS). While details are limited, it could allow attackers to view or modify exposed information. Microsoft has not disclosed how widespread exploitation is, but given the potential impact, organizations, especially those with internet-facing SharePoint servers—should prioritize testing and applying the patch quickly.

“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.” reads the advisory. “An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).” “Exploitation Detected”

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by April 28, 2026.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

  • ✇Firewall Daily – The Cyber Express
  • Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update Ashish Khaitan
    Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems and associated software. This latest Microsoft Patch Tuesday also includes fixes for two zero-day vulnerabilities, one of which was actively exploited in real-world attacks, alongside critical flaws affecting SharePoint Server, Microsoft Defender, and Microsoft Office.  The April edition of Mi
     
  • ↗️

Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update

✇Firewall Daily – The Cyber Express
Por:Ashish Khaitan
15 de Abril de 2026, 03:12

Microsoft Patch Tuesday April 2026

Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems and associated software. This latest Microsoft Patch Tuesday also includes fixes for two zero-day vulnerabilities, one of which was actively exploited in real-world attacks, alongside critical flaws affecting SharePoint Server, Microsoft Defender, and Microsoft Office.  The April edition of Microsoft Patch Tuesday highlights the complexity of modern cyber threats. Among the 167 vulnerabilities patched, eight are classified as “Critical.” Of these, seven involve remote code execution (RCE), while one relates to a denial-of-service (DoS) issue. The remaining vulnerabilities fall under various categories: 
  • 93 Elevation of Privilege vulnerabilities
  • 13 Security Feature Bypass vulnerabilities
  • 20 Remote Code Execution vulnerabilities
  • 21 Information Disclosure vulnerabilities
  • 10 Denial of Service vulnerabilities
  • 9 Spoofing vulnerabilities
Additionally, the security update addresses two zero-day vulnerabilities and several flaws in Microsoft Office applications. 

Microsoft Patch Tuesday: Zero-Day Vulnerabilities in Focus  

A major focus of this Patch Tuesday April 2026 cycle is the remediation of two zero-day vulnerabilities. One of the most concerning issues is an actively exploited spoofing vulnerability in Microsoft SharePoint Server. According to Microsoft, “Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.”   The company further explained that a successful attack could allow threat actors to access sensitive information and modify it, affecting both confidentiality and integrity, though not availability. Microsoft has not disclosed details about how the vulnerability was exploited or who discovered it.  The second zero-day, tracked as CVE-2026-33825, affects Microsoft Defender and allows attackers to gain SYSTEM-level privileges. This flaw has been resolved in Microsoft Defender Antimalware Platform version 4.18.26050.3011, which is being distributed automatically. Users can also manually install the update via Windows Security settings. The vulnerability was discovered by Zen Dodd and Yuanpei XU from HUST working with Diffract. 

Critical Vulnerabilities and Exploitation Risks 

Beyond zero-days, Microsoft Patch Tuesday April 2026, includes several critical vulnerabilities that demand immediate attention. For instance, CVE-2026-23666 affects the .NET framework and could allow attackers to execute a denial-of-service attack over a network.  Another critical flaw, CVE-2026-32157, impacts the Remote Desktop Client. It is a use-after-free vulnerability that can lead to code execution if a user connects to a malicious server. Similarly, multiple Microsoft Office vulnerabilities, such as CVE-2026-32190, CVE-2026-33114, and CVE-2026-33115, require local code execution but can be triggered remotely, often through malicious documents or even the preview pane. This makes them particularly dangerous in environments where users frequently handle email attachments.  CVE-2026-33824 targets the Windows Internet Key Exchange (IKE) extension and allows unauthenticated attackers to send specially crafted packets to achieve remote code execution. Microsoft recommends blocking inbound UDP ports 500 and 4500 if IKE is not in use as a mitigation step.  Other notable critical issues include vulnerabilities in Active Directory (CVE-2026-33826) and Windows TCP/IP (CVE-2026-33827), both of which could enable remote code execution under specific conditions. 

Office and SharePoint Remain High-Risk Targets 

This Patch Tuesday April also noted the risk posed by Microsoft Office and SharePoint. Multiple RCE vulnerabilities in Word and Excel can be exploited through malicious files, reinforcing the need for users to update their Office installations promptly.  Another vulnerability, CVE-2026-32201, affects SharePoint and allows spoofing attacks that can expose and alter sensitive data. This issue has already been observed in active exploitation.  While most vulnerabilities are rated as “Important,” security researchers have flagged several as more likely to be exploited. These include flaws in UEFI Secure Boot (CVE-2026-0390), Windows Kernel memory disclosure (CVE-2026-26169), and multiple elevation-of-privilege issues affecting components like WinSock, BitLocker, and the Desktop Window Manager.  Other notable vulnerabilities include spoofing issues in Remote Desktop and Windows Shell, as well as security bypass flaws in Windows Hello and BitLocker.  Outside of Microsoft, this Patch Tuesday April period also saw Google release fixes for its fourth Chrome zero-day vulnerability of 2026. Meanwhile, Adobe issued an emergency update for Acrobat Reader to address an actively exploited remote code execution flaw. 
  • ✇Krebs on Security
  • Patch Tuesday, April 2026 Edition BrianKrebs
    Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution. Redmond warns that attackers are already targeting CVE-2026-32201,
     
  • ↗️

Patch Tuesday, April 2026 Edition

✇Krebs on Security
Por:BrianKrebs
14 de Abril de 2026, 18:47

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

A picture of a windows laptop in its updating stage, saying do not turn off the computer.

Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.

Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.

“This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases organizational risk.”

Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing exasperated with their response. Will Dormann, senior principal vulnerability analyst at Tharros, says he confirmed that the public BlueHammer exploit code no longer works after installing today’s patches.

Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft. Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 — CVE-2026-34621 — has seen active exploitation since at least November 2025.

Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today “a new record in that category” because it includes nearly 60 browser vulnerabilities. Barnett said it might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing — a much-hyped but still unreleased new AI capability from Anthropic that is reportedly quite good at finding bugs in a vast array of software.

But he notes that Microsoft Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday.

“A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extend further, both in terms of capability and availability.”

Finally, no matter what browser you use to surf the web, it’s important to completely close out and restart the browser periodically. This is really easy to put off (especially if you have a bajillion tabs open at any time) but it’s the only way to ensure that any available updates get installed. For example, a Google Chrome update released earlier this month fixed 21 security holes, including the high-severity zero-day flaw CVE-2026-5281.

For a clickable, per-patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates? Leave a note about it in the comments below and there’s a decent chance someone here will pipe in with a solution.

❌
❌