Microsoft April 2026 Patch Tuesday security updates (167 flaws)
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft's April 2026 Patch Tuesday ships security updates for 167 flaws, including 2 zero-days, reducing exposure across widely used Microsoft software. The release also fixes 8 Critical vulnerabilities, including 7 remote code execution bugs and 1 denial of service flaw. That scope makes the update bundle especially important for systems running Microsoft Office, SharePoint Server, and Microsoft Defender.
Cases
Related Happenings
Microsoft security patch release for CVE-2026-45659
Security Patch Release
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft security patch release for CVE-2026-45659
Security Patch ReleaseAbout this happening: Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/Service
First: 15.05.2026 17:49
Last: 15.05.2026 17:49
Sources 1
About this happening:
**Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/ServiceAbout this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Timeline
-
14.04.2026 03:00 1 articles · 1mo ago
Microsoft releases April 2026 Patch Tuesday updates
Initial DisclosureMicrosoft releases the April 2026 Patch Tuesday security updates for Microsoft products, fixing 167 flaws and 2 zero-days across elevation of privilege, security feature bypass, remote code execution, information disclosure, denial of service, and spoofing categories.
Show sources
- Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days — www.bleepingcomputer.com — 14.04.2026 20:41
-
14.04.2026 03:00 2 articles · 1mo ago
Microsoft details zero-days and update guidance
Mitigation Patch UpdateMicrosoft identifies CVE-2026-32201 as a Microsoft SharePoint Server spoofing vulnerability exploited in attacks and CVE-2026-33825 as a Microsoft Defender elevation of privilege flaw that can grant SYSTEM privileges, while also fixing Microsoft Office remote code execution bugs that can be triggered through the preview pane or malicious documents and urging prompt Office updating.
Show sources
- Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days — www.bleepingcomputer.com — 14.04.2026 20:41
- Microsoft Fixes Two Zero-Days in April Patch Tuesday — www.infosecurity-magazine.com — 15.04.2026 12:10