Microsoft April 2026 Patch Tuesday Update for Windows 11 and 10

Microsoft’s April 2026 Patch Tuesday update, released on April 14, 2026, addresses 167 vulnerabilities, including two actively exploited zero-days and eight critical flaws. The update primarily targets Windows 10/11, Microsoft Office, SharePoint Server, and .NET Framework, and fixes issues such as Remote Code Execution (RCE) and Elevation of Privilege (EoP).

• Total vulnerabilities patched: Microsoft patched 167 security vulnerabilities across its Windows operating systems and supported software.
• Zero‑day vulnerabilities: Two zero-days were fixed
  • CVE-2026-33825 (CVSS 7.8): Elevation of privilege in Microsoft Defender.
  • CVE-2026-32201 (CVSS 6.5): spoofing vulnerability in SharePoint Server. 
• Critical vulnerabilities: Eight “Critical” vulnerabilities, including CVE-2026-23666 (.NET Framework DoS), CVE-2026-33827 (Windows TCP/IP RCE), and several Microsoft Word RCE vulnerabilities (CVE-2026-33114, CVE-2026-33115).
• Patch release date: April 14, 2026 (second Tuesday of the month)

For Windows 11 and Windows 10 users, this Patch Tuesday is primarily focused on hardening security rather than a feature‑heavy update. It closes multiple attack paths involving LSASS, Windows kernel, SMB Server, SQL Server, Office, Excel, and SharePoint.

These updates are available through Windows Update, WSUS, SCCM, and the Microsoft Update Catalog.

What is the Patch Tuesday Update?

Microsoft Patch Tuesday (also called Update Tuesday) occurs on the second Tuesday of every month. On this day, Microsoft releases:

• Security updates to fix vulnerabilities
• Quality updates to fix bugs, improve stability and performance

Vulnerability vs. bug:

• A vulnerability is a weakness or flaw that attackers can exploit to gain unauthorized access, execute code, steal data, or disrupt services.
• A bug is an error or defect that causes software to behave unexpectedly. Some bugs also create vulnerabilities.

What is a security update?

A security update (or patch) is a piece of code that fixes or mitigates one or more vulnerabilities or bugs.

Microsoft rates vulnerabilities with four severity levels:

• Critical: Could allow remote code execution without user interaction and lead to full system compromise.
• Important: Could compromise data or functionality, usually requires some user interaction or specific conditions.
• Moderate: Less likely to be exploited but still has security impact.
• Low: Very unlikely to be exploited and minimal impact.

April 2026 focuses heavily on Critical and Important vulnerabilities in Windows, Office, and related services.

Zero‑Day Vulnerabilities Fixed in April 2026

Microsoft has confirmed that two zero‑day issues were fixed this month.

The first, CVE-2026-33825, is an elevation of privilege vulnerability in Microsoft Defender. This flaw, publicly known as “BlueHammer,” allows a local authenticated attacker to escalate their privileges to the SYSTEM level. The exploit chain abuses legitimate Windows components, specifically hijacking the IMpService RPC interface used for Defender engine updates. It leverages Time-of-Check to Time-of-Use (TOCTOU) race conditions and NTFS junctions to redirect file operations, effectively turning Defender’s own update mechanism into a privilege escalation tool.

The second zero‑day, CVE-2026-32201, is a spoofing vulnerability in Microsoft SharePoint Server that was actively exploited in attacks. The flaw stems from improper input validation, allowing an unauthorized attacker to perform spoofing over a network. An attacker who successfully exploits it can view and modify sensitive information (impacting Confidentiality and Integrity). This vulnerability poses a significant risk to internet-facing SharePoint instances, as no authentication is required to exploit it. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, mandating its remediation by April 28, 2026.

Critical Remote Code Execution (RCE) Vulnerabilities

Alongside these zero‑days, Microsoft also addresses eight critical vulnerabilities, seven of which are Remote Code Execution (RCE) flaws and one is a Denial of Service (DoS) flaw. The most severe are concentrated in Microsoft Office and SharePoint.

CVE-2026-32190 (Critical, RCE): A critical remote code execution vulnerability in Microsoft Office. An attacker can exploit this by sending a specially crafted document. The vulnerability can be triggered merely by previewing the malicious file in the Outlook reading pane, without the user needing to open it, making it highly dangerous for email-based attacks. 

CVE-2026-33115 & CVE-2026-33114 (Critical, RCE): Two critical remote code execution vulnerabilities in Microsoft Word. Similar to the above, these flaws allow an attacker to execute arbitrary code on a victim’s system by tricking them into opening a malicious Word document. These are high-priority targets for phishing campaigns.

CVE-2026-23666 (Critical, DoS): A critical denial of service vulnerability in the .NET Framework.  While not allowing code execution, a successful exploit can cause a targeted application to crash, leading to service disruption and potential denial of service for users. 

SharePoint RCE Flaws: Although not explicitly listed as “Critical” in the primary summary, multiple sources confirm the patching of CVE-2026-20963, a critical unauthenticated Remote Code Execution vulnerability in Microsoft SharePoint Server (affecting 2016, 2019, and Subscription Edition). This flaw, stemming from insecure deserialization, allows a remote attacker to execute code on the server without needing to log in, posing an extreme risk to internet-facing SharePoint servers. It was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, mandating its urgent remediation

The patch resolves 93 Elevation of Privilege, 20 Remote Code Execution, and 21 Information Disclosure vulnerabilities across components like .NET, Azure, PowerShell, and the Desktop Window Manager. 

What’s New for Windows 11 and Windows 10 in April 2026?

KB5083769 for Windows 11 25H2 (Build 26200.8246) and 24H2 (Build 26100.8246) received significant quality-of-life improvements, including the ability to toggle Smart App Control without a clean install, enhanced Narrator image descriptions on Copilot+ PCs, and fixes for sfc /scannow error reporting.

• Smart App Control: Users can now toggle this security feature directly from Settings without reinstalling Windows. 
• Narrator: Enhanced with on-device image description capabilities for Copilot+ PCs and full Copilot integration. 
• Secure Boot: New status alerts appear in Windows Security, and a fix prevents unintended BitLocker Recovery loops. 
• Networking & Remote Desktop: Improved SMB compression reliability and phishing protection for .rdp file connections. 
• System Stability: Resolved “Reset this PC” failures and extraneous error messages from sfc /scannow.

Windows 10 received KB5082200 (Build 19045.7184), which adds Remote Desktop Protocol (.rdp) phishing protections and fixes sign-in issues with Microsoft accounts.

• Sign-in Fixes: Resolves an issue where some users could not sign in to apps with a Microsoft account (e.g., Microsoft Teams) due to a false “no Internet” error, a bug introduced in updates released on or after March 10, 2026. 
• Remote Desktop Protections: Enhances security against phishing attacks using .rdp files by forcing Remote Desktop to display all requested connection settings (turned off by default) before connecting, along with a one-time security warning upon the first opening of an .rdp file. 
• Secure Boot Enhancements: Introduces dynamic status reporting for Secure Boot states in the Windows Security app, allowing users to view rollout status via badges and notifications; it also fixes a bug where devices could enter BitLocker Recovery after Secure Boot updates.

How to Download and Install the April 2026 Security Updates

You can install the April 2026 Patch Tuesday updates using:

• Windows Update (Settings > Windows Update > Check for updates)
• Microsoft Update Catalog (for offline installers)
• Windows Server Update Services (WSUS)
• System Center Configuration Manager (SCCM) / Microsoft Endpoint Configuration Manager

For manual installation, Microsoft typically publishes offline installers such as:

• Windows 11 KB5083769 (for versions 25H2/24H2) – 64‑bit
• Windows 11 KB5082052 (for versions 23H2/22H2) – 64‑bit
• Windows 10 KB5082200 (for versions 22H2/21H1 via ESU) – 64‑bit and 32‑bit (x86)

You can also:

• Download Windows 11 ISO if you need to perform an in‑place upgrade or repair install.
• Use the Media Creation Tool or the Windows 11 installation assistant to upgrade supported devices to the latest Windows 11 version (e.g., 25H2).

If you encounter issues (updates stuck at a certain percentage, error codes during installation, etc.), refer to your Windows 11 Update troubleshooting guide to fix common problems.

Frequently Asked Questions

Also Read

• Complete Review of Microsoft Windows 10 Operating System
• Solved: Microsoft Edge not working after the Windows 10 update
• can’t connect securely to this page IE11 or Edge Windows 10
• Windows 10 Stuck Preparing Automatic Repair? Here is how to fix
• Everything About IP (Internet Protocol) Address – Purpose to Benefits explained