Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Windows Event Forwarding: 4 Silent Killers that Stop the Flow of Events without You Knowing

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

April, 2026: Patch Tuesday- Only 2 Zero-Days but a Massive Month of Updates

Welcome to my April 2026 Patch Tuesday newsletter. This month is huge with 167 updates released today and another 344 released since our newsletter last month for a staggering 512 updates. I haven't seen a list of updates this long in years. The good news is that we only have two zero-days to talk about. So, let's get to it.

This month we have only two zero-days. One is only public and the other is currently being exploited but not publicly disclosed.

CVE-2026-32201 - This spoofing vulnerability is rated "Important" with a moderate CVSS score of 6.5/6.0. It affects the support versions of SharePoint. An attacker who is success with the exploit could view some sensitive information and make changes to that information. Exploitation has been detected so you will want to get this updated to stop unauthorized attackers from being able to spoof over the network.
CVE-2026-33825 - This elevation of privilege is also rated "Important" and has a higher CVSS score of 7.8/7.0. A successful attacker could gain SYSTEM privileges locally. Systems with Microsoft Defender disabled are not exploitable. Systems using Defender should be updated.

Besides these we have 22 "Critical" rated CVE's being pushed out for the month. You will want to peruse the chart below to see if your environment contains any of the affected applications and the vulnerable versions.

Happy Patching!

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Windows App Client for Windows Desktop Windows Admin Center Remote Desktop Client for Windows Desktop	Critical	CVE-2023-20585 CVE-2026-0390 CVE-2026-20806 CVE-2026-20928 CVE-2026-20930 CVE-2026-23670 CVE-2026-25184 CVE-2026-25250 CVE-2026-26151 CVE-2026-26152 CVE-2026-26153 CVE-2026-26154 CVE-2026-26155 CVE-2026-26156 CVE-2026-26159 CVE-2026-26160 CVE-2026-26161 CVE-2026-26162 CVE-2026-26163 CVE-2026-26165 CVE-2026-26166 CVE-2026-26167 CVE-2026-26168 CVE-2026-26169 CVE-2026-26170 CVE-2026-26172 CVE-2026-26173 CVE-2026-26174 CVE-2026-26175 CVE-2026-26176 CVE-2026-26177 CVE-2026-26178 CVE-2026-26179 CVE-2026-26180 CVE-2026-26181 CVE-2026-26182 CVE-2026-26183 CVE-2026-26184 CVE-2026-27906 CVE-2026-27907 CVE-2026-27908 CVE-2026-27909 CVE-2026-27910 CVE-2026-27911 CVE-2026-27912 CVE-2026-27913 CVE-2026-27914 CVE-2026-27915 CVE-2026-27916 CVE-2026-27917 CVE-2026-27918 CVE-2026-27919 CVE-2026-27920 CVE-2026-27921 CVE-2026-27922 CVE-2026-27923 CVE-2026-27924 CVE-2026-27925 CVE-2026-27926 CVE-2026-27927 CVE-2026-27928 CVE-2026-27929 CVE-2026-27930 CVE-2026-27931 CVE-2026-32068 CVE-2026-32069 CVE-2026-32070 CVE-2026-32071 CVE-2026-32072 CVE-2026-32073 CVE-2026-32074 CVE-2026-32075 CVE-2026-32076 CVE-2026-32077 CVE-2026-32078 CVE-2026-32079 CVE-2026-32080 CVE-2026-32081 CVE-2026-32082 CVE-2026-32083 CVE-2026-32084 CVE-2026-32085 CVE-2026-32086 CVE-2026-32087 CVE-2026-32088 CVE-2026-32089 CVE-2026-32090 CVE-2026-32091 CVE-2026-32093 CVE-2026-32149 CVE-2026-32150 CVE-2026-32151 CVE-2026-32152 CVE-2026-32153 CVE-2026-32154 CVE-2026-32155 CVE-2026-32156 CVE-2026-32157 CVE-2026-32158 CVE-2026-32159 CVE-2026-32160 CVE-2026-32162 CVE-2026-32163 CVE-2026-32164 CVE-2026-32165 CVE-2026-32181 CVE-2026-32183 CVE-2026-32195 CVE-2026-32196 CVE-2026-32202 CVE-2026-32212 CVE-2026-32214 CVE-2026-32215 CVE-2026-32216 CVE-2026-32217 CVE-2026-32218 CVE-2026-32219 CVE-2026-32220 CVE-2026-32221 CVE-2026-32222 CVE-2026-32223 CVE-2026-32224 CVE-2026-32225 CVE-2026-33096 CVE-2026-33098 CVE-2026-33099 CVE-2026-33100 CVE-2026-33101 CVE-2026-33104 CVE-2026-33824 CVE-2026-33826 CVE-2026-33827 CVE-2026-33829	Workaround: No Exploited: No Public: No	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing Tampering
Edge	Edge (Chromium-based)	Low	CVE-2026-0385 CVE-2026-26133 CVE-2026-32187 CVE-2026-32191 CVE-2026-32194 CVE-2026-33118 CVE-2026-33119 CVE-2026-3537 CVE-2026-3909 CVE-2026-3910 CVE-2026-3913 CVE-2026-3914 CVE-2026-3915 CVE-2026-3916 CVE-2026-3917 CVE-2026-3918 CVE-2026-3919 CVE-2026-3920 CVE-2026-3921 CVE-2026-3922 CVE-2026-3923 CVE-2026-3924 CVE-2026-3925 CVE-2026-3926 CVE-2026-3927 CVE-2026-3928 CVE-2026-3929 CVE-2026-3930 CVE-2026-3931 CVE-2026-3932 CVE-2026-3934 CVE-2026-3935 CVE-2026-3936 CVE-2026-3937 CVE-2026-3938 CVE-2026-3939 CVE-2026-3940 CVE-2026-3941 CVE-2026-3942 CVE-2026-4440 CVE-2026-4441 CVE-2026-4442 CVE-2026-4443 CVE-2026-4444 CVE-2026-4445 CVE-2026-4446 CVE-2026-4447 CVE-2026-4448 CVE-2026-4449 CVE-2026-4450 CVE-2026-4451 CVE-2026-4452 CVE-2026-4453 CVE-2026-4454 CVE-2026-4455 CVE-2026-4456 CVE-2026-4457 CVE-2026-4458 CVE-2026-4459 CVE-2026-4460 CVE-2026-4461 CVE-2026-4462 CVE-2026-4463 CVE-2026-4464 CVE-2026-4673 CVE-2026-4674 CVE-2026-4675 CVE-2026-4676 CVE-2026-4677 CVE-2026-4678 CVE-2026-4679 CVE-2026-4680 CVE-2026-5272 CVE-2026-5273 CVE-2026-5274 CVE-2026-5275 CVE-2026-5276 CVE-2026-5277 CVE-2026-5279 CVE-2026-5280 CVE-2026-5281 CVE-2026-5283 CVE-2026-5284 CVE-2026-5285 CVE-2026-5286 CVE-2026-5287 CVE-2026-5289 CVE-2026-5290 CVE-2026-5291 CVE-2026-5292 CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5862 CVE-2026-5863 CVE-2026-5864 CVE-2026-5865 CVE-2026-5866 CVE-2026-5867 CVE-2026-5868 CVE-2026-5869 CVE-2026-5870 CVE-2026-5871 CVE-2026-5872 CVE-2026-5873 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5877 CVE-2026-5878 CVE-2026-5879 CVE-2026-5880 CVE-2026-5881 CVE-2026-5882 CVE-2026-5883 CVE-2026-5884 CVE-2026-5885 CVE-2026-5886 CVE-2026-5887 CVE-2026-5888 CVE-2026-5889 CVE-2026-5890 CVE-2026-5891 CVE-2026-5892 CVE-2026-5893 CVE-2026-5894 CVE-2026-5895 CVE-2026-5896 CVE-2026-5897 CVE-2026-5898 CVE-2026-5899 CVE-2026-5900 CVE-2026-5901 CVE-2026-5902 CVE-2026-5903 CVE-2026-5904 CVE-2026-5905 CVE-2026-5906 CVE-2026-5907 CVE-2026-5908 CVE-2026-5909 CVE-2026-5910 CVE-2026-5911 CVE-2026-5912 CVE-2026-5913 CVE-2026-5914 CVE-2026-5915 CVE-2026-5918 CVE-2026-5919	Workaround: No Exploited: No Public: No	Defense in Depth Information Disclosure Remote Code Execution Spoofing
Office	365 Apps for Enterprise Excel/PowerPoint 2016 and for Android, iOS Office 2016, 2019 LTSC 2021, 2024 including for Mac Loop for iOS OneNote/Teams for Android, iOS Outlook for iOS, Mac Office Online Server Purview Word for iOS	Critical	CVE-2026-23657 CVE-2026-26133 CVE-2026-26138 CVE-2026-26139 CVE-2026-32188 CVE-2026-32189 CVE-2026-32190 CVE-2026-32197 CVE-2026-32198 CVE-2026-32199 CVE-2026-32200 CVE-2026-33095 CVE-2026-33114 CVE-2026-33115 CVE-2026-33822	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure Remote Code Execution
SharePoint	Enterprise Server 2016 Server 2019 Server Subscription Edition	Important	CVE-2026-20945 CVE-2026-32201**	Workaround: No Exploited: Yes** Public: No	Spoofing
Azure	Cloud Shell Data Factory DevOps: msazure Logic Apps Monitor Agent HPC Pack 2019	Critical	CVE-2026-23658 CVE-2026-23659 CVE-2026-32168 CVE-2026-32169 CVE-2026-32171 CVE-2026-32184 CVE-2026-32192	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure
Developer Tools	.NET 10, 9 and 8 installed on Linux, MacOS and Windows .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 Visual Studio 2017 15.9 - 15.0 Visual Studio 2019 16.11 - 16.0 Visual Studio 2022 17.14/17.12 Visual Studio Code CoPilot Chat Extension PowerShell 7.4/7.5	Critical	CVE-2026-21637 CVE-2026-23653 CVE-2026-23666 CVE-2026-26143 CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-32226 CVE-2026-32631 CVE-2026-33116	Workaround: No Exploited: No Public: No	Denial of Service Information Disclosure Security Feature Bypass Spoofing
SQL Server	PowerBI for Android, iOS 2016 SP3 GDR and Azure Connect Feature Pack 2017 CU31/GDR 2019 CU32/GDR 2022 CU24/GDR 2025 CU3/GDR	Important	CVE-2026-26133 CVE-2026-32167 CVE-2026-32176 CVE-2026-33120	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure Remote Code Execution
Exchange	Exchange Online	Critical	CVE-2026-26137	Workaround: No Exploited: No Public: No	Elevation of Privilege
Dynamics	365 (on-premises) v9.0 Power Apps	Important	CVE-2026-26149 CVE-2026-33103	Workaround: No Exploited: No Public: No	Information Disclosure Security Feature Bypass
Apps	365 CoPilot also for Android, iOS Bing	Critical	CVE-2026-24299 CVE-2026-26120 CVE-2026-26133	Workaround: No Exploited: No Public: No	Information Disclosure Tampering
System Center	Defender Antimalware Platform	Important	CVE-2026-33825*	Workaround: No Exploited: No Public: Yes*	Elevation of Privilege
Other	CoPilot	Critical	CVE-2026-26136	Workaround: No Exploited: No Public: No	Information Disclosure
Open-Source Software	See list directly below chart***	Critical	CVE-2006-10003 CVE-2025-49010 CVE-2025-66037 CVE-2025-66038 CVE-2025-66215 CVE-2025-67030 CVE-2025-69647 CVE-2025-69720 CVE-2025-71239 CVE-2025-71265 CVE-2025-71266 CVE-2025-71267 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-1519 CVE-2026-1965 CVE-2026-21710 CVE-2026-21712 CVE-2026-21713 CVE-2026-21714 CVE-2026-21715 CVE-2026-21716 CVE-2026-21717 CVE-2026-23100 CVE-2026-23169 CVE-2026-23233 CVE-2026-23241 CVE-2026-23242 CVE-2026-23243 CVE-2026-23244 CVE-2026-23245 CVE-2026-23246 CVE-2026-23248 CVE-2026-23253 CVE-2026-23259 CVE-2026-23266 CVE-2026-23267 CVE-2026-23268 CVE-2026-23269 CVE-2026-23271 CVE-2026-23274 CVE-2026-23277 CVE-2026-23279 CVE-2026-23281 CVE-2026-23284 CVE-2026-23285 CVE-2026-23286 CVE-2026-23289 CVE-2026-23290 CVE-2026-23291 CVE-2026-23292 CVE-2026-23293 CVE-2026-23296 CVE-2026-23298 CVE-2026-23300 CVE-2026-23303 CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23310 CVE-2026-23312 CVE-2026-23315 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319 CVE-2026-23324 CVE-2026-23334 CVE-2026-23336 CVE-2026-23340 CVE-2026-23343 CVE-2026-23347 CVE-2026-23351 CVE-2026-23352 CVE-2026-23356 CVE-2026-23357 CVE-2026-23359 CVE-2026-23364 CVE-2026-23365 CVE-2026-23367 CVE-2026-23368 CVE-2026-23370 CVE-2026-23379 CVE-2026-23381 CVE-2026-23382 CVE-2026-23388 CVE-2026-23390 CVE-2026-23391 CVE-2026-23392 CVE-2026-23395 CVE-2026-23396 CVE-2026-23397 CVE-2026-23398 CVE-2026-23403 CVE-2026-23404 CVE-2026-23405 CVE-2026-23406 CVE-2026-23407 CVE-2026-23408 CVE-2026-23409 CVE-2026-23410 CVE-2026-23411 CVE-2026-2369 CVE-2026-23868 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-2436 CVE-2026-25075 CVE-2026-25645 CVE-2026-25679 CVE-2026-2673 CVE-2026-27135 CVE-2026-27448 CVE-2026-27456 CVE-2026-27459 CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-28753 CVE-2026-28755 CVE-2026-29111 CVE-2026-29785 CVE-2026-30922 CVE-2026-3104 CVE-2026-3119 CVE-2026-31394 CVE-2026-31789 CVE-2026-31790 CVE-2026-3184 CVE-2026-32241 CVE-2026-32249 CVE-2026-32647 CVE-2026-32748 CVE-2026-32775 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33055 CVE-2026-33056 CVE-2026-33216 CVE-2026-33343 CVE-2026-33412 CVE-2026-33413 CVE-2026-33416 CVE-2026-33515 CVE-2026-33526 CVE-2026-33542 CVE-2026-33554 CVE-2026-33636 CVE-2026-33750 CVE-2026-33936 CVE-2026-34353 CVE-2026-34714 CVE-2026-34743 CVE-2026-34933 CVE-2026-34982 CVE-2026-35177 CVE-2026-35385 CVE-2026-35386 CVE-2026-35388 CVE-2026-35535 CVE-2026-3591 CVE-2026-3783 CVE-2026-3784 CVE-2026-39881 CVE-2026-40024 CVE-2026-40025 CVE-2026-40026 CVE-2026-4111 CVE-2026-4224 CVE-2026-4437 CVE-2026-4438 CVE-2026-4519 CVE-2026-4645 CVE-2026-4647 CVE-2026-4746 CVE-2026-4878 CVE-2026-4897 CVE-2026-5107 CVE-2026-5201	Workaround: No Exploited: No Public: No	None listed

***To keep from clogging up the chart above I am putting the list of Open-Source Software products here:

azl3 avahi 0.8-7, azl3 bind 9.20.18-1, azl3 binutils 2.41-10, azl3 cmake 3.30.3-12, azl3 curl 8.11.1-5, azl3 erlang 26.2.5.17-1, azl3 expat 2.6.4-4, azl3 flannel 0.24.2-26, azl3 freeipmi 1.6.11-1, azl3 frr 10.5.0-1, azl3 gdb 13.2-6, azl3 gdk-pixbuf2 2.42.10-4, azl3 glibc 2.38-18, azl3 glibc 2.38-19, azl3 golang 1.25.7-1, azl3 kernel 0.0.0-1, azl3 kernel 6.6.0.0-1, azl3 kernel 6.6.126.1-1, azl3 kernel 6.6.130.1-3, azl3 libarchive 3.7.7-4, azl3 libcap 2.69-13, azl3 libexif 0.6.24-1, azl3 libpng 1.6.55-1, azl3 libsoup 3.4.4-12, azl3 libsoup 3.4.4-14, azl3 libssh 0.10.6-5, azl3 libssh 0.10.6-6, azl3 ncurses 6.4-2, azl3 ncurses 6.4-3, azl3 nghttp2 1.61.0-2, azl3 nginx 1.28.2-1, azl3 nodejs 20.14.0-13, azl3 nodejs 20.14.0-14, azl3 nodejs24 24.13.0-3, azl3 ocaml 5.1.1-1, azl3 ocaml 5.1.1-2, azl3 opensc 0.26.1-1, azl3 openssh 9.8p1-5, azl3 openssl 3.3.5-4, azl3 perl-XML-Parser 2.47-1, azl3 plexus-utils 3.3.0-4, azl3 plexus-utils 3.3.0-5, azl3 pyOpenSSL 24.2.1-1, azl3 python3 3.12.9-10, azl3 python3 3.12.9-9, azl3 python-ecdsa 0.18.0-2, azl3 python-pyasn1 0.4.8-1, azl3 python-pyasn1 0.4.8-2, azl3 python-requests 2.31.0-4, azl3 sleuthkit 4.12.1-1, azl3 squid 6.13-3, azl3 strongswan 5.9.14-8, azl3 sudo 1.9.17-1, azl3 systemd-bootstrap 250.3-19, azl3 telegraf 1.31.0-15, azl3 telegraf 1.31.0-17, azl3 trident 0.21.0-1, azl3 util-linux 2.40.2-3, azl3 vim 9.2.0088-1, azl3 vim 9.2.0240-1

cbl2 avahi 0.8-5, cbl2 cloud-hypervisor 32.0-7, cbl2 cmake 3.21.4-21, cbl2 erlang 25.3.2.21-4, cbl2 etcd 3.5.21-4, cbl2 frr 8.5.5-5, cbl2 giflib 5.2.1-10, cbl2 kernel 5.15.200.1-1, cbl2 libarchive 3.6.1-8, cbl2 libcap 2.60-7, cbl2 libexif 0.6.24-1, cbl2 libexif 0.6.24-2, cbl2 libpng 1.6.55-1, cbl2 nghttp2 1.57.0-2, cbl2 nginx 1.22.1-15, cbl2 nodejs18 18.20.3-11, cbl2 nodejs18 18.20.3-12, cbl2 ocaml 4.13.1-2, cbl2 ocaml 4.13.1-3, cbl2 plexus-utils 3.3.0-3, cbl2 plexus-utils 3.3.0-4, cbl2 polkit 0.119-4, cbl2 python3 3.9.19-19, cbl2 python-pyasn1 0.4.8-1, cbl2 systemd-bootstrap 250.3-13, cbl2 systemd-bootstrap 250.3-14, cbl2 telegraf 1.29.4-21, cbl2 telegraf 1.29.4-22, cbl2 terraform 1.3.2-29, cbl2 vim 9.2.0088-1, cbl2 xz 5.2.5-1

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

April 2026 Patch Tuesday	"Patch Tuesday- Only 2 Zero-Days but a Massive Month of Updates " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2026 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.