Microsoft Releases April 2026 Security Updates
Summary
Scheduled updates for Microsoft products address 165 vulnerabilities, including CVE‑2026‑32201, an exploited spoofing vulnerability affecting SharePoint Server
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Multiple other Microsoft platforms. Please see Microsoft's April 2026 Security Update guide for full details.
Threat details
Exploitation of CVE-2026-32201
Microsoft states that exploitation of CVE‑2026‑32201 has been detected. NHS England National CSOC assesses future exploitation as highly likely.
Introduction
Microsoft has released security updates to address 165 vulnerabilities in Microsoft products, including CVE-2026-32201, an exploited vulnerability that could allow an unauthorised attacker to perform spoofing over a network.
- CVE-2026-32201 - 'Improper Input Validation' vulnerability in Microsoft SharePoint Server - CVSSv3 score: 6.5
Out-of-band security update affecting critical ASP.NET Core
Microsoft has released an out-of-band (OOB) security update to patch a critical ASP.NET Core privilege escalation vulnerability known as CVE-2026-40372.
The vulnerability is an 'Improper verification of cryptographic signature' flaw in ASP.NET Core and has a CVSSv3 score of 9.1. If exploited, an unauthenticated attacker could gain SYSTEM privileges on affected devices.
Affected organisations should review Microsoft's advisory ASP.NET Core Elevation of Privilege Vulnerability (CVE-2026-40372) and apply relevant updates.
Windows Autopatch is enabling hotpatch security updates by default
Starting with the May 2026 Windows security update, Microsoft will be enabling hotpatch security updates by default for eligible devices. This change will impact all eligible devices managed by Microsoft Intune, and applies whether you use Windows Autopatch through Microsoft Intune or the Windows updates API in Microsoft Graph.
For more details, please see Microsoft's Securing devices faster with hotpatch updates on by default blog post.
Threat updates
| Date | Update |
|---|---|
| 24 Apr 2026 | Corrected Threat ID |
| 22 Apr 2026 | Out-of-band security update affecting critical ASP.NET Core added |
Remediation advice
Affected organisations are encouraged to review Microsoft's April 2026 Security Updates and apply the relevant updates as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 24 April 2026 12:04 pm