Microsoft Releases 167 Patches in Largest-Ever Update, Warns of Active Exploitation
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software. The record-breaking batch includes a SharePoint Server zero-day currently under active attack and a publicly disclosed privilege escalation flaw in Windows Defender known as BlueHammer.

Separately, Google Chrome patched its fourth zero-day of 2026, while Adobe issued an emergency update for Reader to address an actively exploited remote code execution flaw.
SharePoint Zero-Day Under Fire
Redmond warns attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows spoofing of trusted content or interfaces over a network. Mike Walters, president and co-founder of Action1, explained that the bug can deceive employees by presenting falsified information within trusted SharePoint environments.
“This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases organizational risk.”
BlueHammer Exploit Code Now Neutralized
Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code after growing frustrated with Microsoft’s response. Will Dormann, senior principal vulnerability analyst at Tharros, confirmed that the public exploit code no longer works after installing today’s patches.
Adobe and Google Weigh In
Satnam Narang, senior staff research engineer at Tenable, noted that April marks the second-biggest Patch Tuesday ever for Microsoft. He also pointed to evidence that a zero-day flaw Adobe fixed in an emergency update on April 11 — CVE-2026-34621 — has been actively exploited since at least November 2025.
Adam Barnett, lead software engineer at Rapid7, called the total “a new record” due to nearly 60 browser vulnerabilities tied to the Chromium-based Microsoft Edge. He dismissed speculation that the spike was linked to hype around Anthropic’s unreleased AI capability Project Glasswing, noting that Chromium maintainers acknowledge a wide range of researchers.
“A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extends further, both in terms of capability and availability.”

Background
Patch Tuesday is Microsoft’s monthly cycle for releasing security updates, typically on the second Tuesday of each month. The April 2026 edition is notable not only for the sheer number of fixes but for the inclusion of actively exploited zero-days. The previous record for Microsoft vulnerabilities patched in a single update was set in March 2026 with around 140 flaws.
Google Chrome’s fourth zero-day of 2026 underscores the persistent threat landscape for browser-based attacks. Similarly, Adobe’s emergency out-of-band update for Reader highlights the urgency of addressing flaws that are already being weaponized.
What This Means
For IT administrators, the sheer volume of patches demands immediate prioritization. The actively exploited SharePoint zero-day (CVE-2026-32201) should be treated as critical, as it enables attackers to bypass security controls within trusted corporate portals. Organizations running SharePoint should deploy the update without delay.
The rise in AI-assisted vulnerability discovery — as noted by Adam Barnett — signals a future where the number of reported flaws will continue to climb. Security teams must invest in automated patch management and threat intelligence to keep pace. Meanwhile, end users should restart their browsers after updating to ensure patches take effect.
In summary, this Patch Tuesday serves as a stark reminder that attackers are leveraging both traditional exploit techniques and emerging AI capabilities. Staying current with updates is no longer optional; it is a baseline requirement for any organization seeking to minimize risk.