(TLP:CLEAR) Microsoft Patches SharePoint Zero-Day and Other Significant Vulnerabilities in 2nd Largest Microsoft Patch Tuesday Ever

Summary: Microsoft released their 2^nd largest patch Tuesday updates ever in April, addressing 165 vulnerabilities. Of note, CVE-2026-32201 is a zero-day vulnerability in SharePoint and has been actively exploited in the wild. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The update also includes numerous vulnerabilities across Windows, Office, SQL Server, and other widely used enterprise products.

Analyst Note: Exploited vulnerabilities in widely deployed systems, particularly SharePoint and Active Directory, are frequently leveraged for initial access and lateral movement. Members are encouraged to prioritize patching internet-facing systems and review access controls for signs of exploitation.

Original Sources:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
• https://www.microsoft.com/technet/security/advisory/968272.mspx

Additional Reading:

• Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
• Microsoft security advisory – April 2026 monthly rollup (AV26-352)

Related WaterISAC PIRs: 6, 8, 10, 12