Microsoft released its April 2026 Patch Tuesday update on 14 April, fixing 167 security vulnerabilities across Windows, Office, SharePoint, and a range of other products — including two zero-days currently being exploited in the wild, as reported by BleepingComputer.
The first zero-day, CVE-2026-32201, affects SharePoint Server and is being actively exploited right now. Attackers can perform spoofing over a network connection, view sensitive data, and modify what’s disclosed once they have a foothold. The second, CVE-2026-33825, is a Microsoft Defender privilege escalation flaw that has been publicly disclosed and lets attackers elevate to SYSTEM-level access on an affected machine. Defender should update itself automatically, but look for Antimalware Platform version 4.18.26050.3011 to confirm the fix is applied.
Beyond those two, eight critical flaws were patched this month, affecting Office documents (Word and Excel via the preview pane), Active Directory, Windows TCP/IP, and Remote Desktop. Any of them could allow code execution on an unpatched system. At 167 vulnerabilities in one update cycle, this is one of the larger Patch Tuesdays on record.
If your business runs Windows or Microsoft 365 — and most Australian SMBs do — this needs attention today. Confirm Windows Update has run across your fleet, that Defender definitions are current, and that any SharePoint environments (on-premises or online) are covered. If you’re not sure whether your patch cycle is up to date, that uncertainty is itself the problem.
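One way to run the Defender and Windows Update checks described above on one host or a list of hosts, as an added example that is not part of the original article. It compares the Defender platform version with 4.18.26050.3011; the function name `Test-AprilPatchState`, the two-day signature age limit, and the "latest hotfix on or after 14 April" heuristic are assumptions, and remote hosts are assumed to have PowerShell remoting enabled.

```powershell
# Added example, not from the original article. Test-AprilPatchState is a
# hypothetical helper name; remote hosts are assumed to allow PowerShell remoting.
$FixedPlatform = [version]'4.18.26050.3011'  # Defender platform version named in the article
$ReleaseDate   = [datetime]'2026-04-14'      # Patch Tuesday date named in the article
$MaxSigAgeDays = 2                           # assumption: adjust to your own policy

# Runs on the target machine and returns only the raw facts.
$Probe = {
    $mp  = Get-MpComputerStatus -ErrorAction Stop
    $hot = Get-HotFix | Where-Object InstalledOn |
           Sort-Object InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        Platform   = $mp.AMProductVersion
        SigUpdated = $mp.AntivirusSignatureLastUpdated
        HotFixID   = $hot.HotFixID
        HotFixDate = $hot.InstalledOn
    }
}

function Test-AprilPatchState {
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($computer in $ComputerName) {
        try {
            $facts = if ($computer -eq $env:COMPUTERNAME) { & $Probe } else {
                Invoke-Command -ComputerName $computer -ScriptBlock $Probe -ErrorAction Stop
            }
            [pscustomobject]@{
                Computer     = $computer
                Platform     = $facts.Platform
                # Assumption: any platform build at or above the named one carries the fix.
                DefenderOk   = [version]$facts.Platform -ge $FixedPlatform
                SignaturesOk = $facts.SigUpdated -and ((Get-Date) - $facts.SigUpdated).TotalDays -le $MaxSigAgeDays
                LastHotFix   = $facts.HotFixID
                # Heuristic only: an update installed on or after release day, not proof of a specific KB.
                UpdatedSince = $facts.HotFixDate -and $facts.HotFixDate -ge $ReleaseDate
                Error        = $null
            }
        } catch {
            # An unreachable or unreadable host is reported, not skipped.
            [pscustomobject]@{ Computer = $computer; Platform = $null; DefenderOk = $false
                SignaturesOk = $false; LastHotFix = $null; UpdatedSince = $false; Error = $_.Exception.Message }
        }
    }
}

# Local machine by default; pass -ComputerName for a list of hosts.
Test-AprilPatchState | Format-Table -AutoSize
```

The check does not look at SharePoint Server, so confirm the SharePoint update separately.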
All IT Services manages patching across Windows and Microsoft 365 environments for Australian businesses. If you want a quick check on where you stand, contact our team, or learn more about our managed IT and support services.
