Microsoft's April 2026 Patch Tuesday addresses 167 security vulnerabilities across Windows and related products, including 2 actively exploited zero-days. The update covers critical flaws in Windows TCP/IP (remote code execution), Windows Active Directory, Remote Desktop Client, Windows IKE Extension, Microsoft Office Word, and .NET Framework. Additional notable fixes include elevation of privilege bugs across dozens of Windows components, information disclosure vulnerabilities in GitHub Copilot/VS Code, and an NTLM hash leak via manipulated Git repositories. Several Critical-severity CVEs are included alongside the majority rated Important.
Table of contents
2 zero-days and Microsoft Office flawsRecent updates from other companiesThe April 2026 Patch Tuesday Security UpdatesAutomated Pentesting Covers Only 1 of 6 Surfaces.Sort: