Microsoft's Record Patch Tuesday: 167 Flaws Fixed Including Actively Exploited SharePoint Zero-Day and Windows Defender Bug 'BlueHammer'

Breaking: Microsoft Issues Massive Security Update

Microsoft released a record-breaking 167 security patches today, covering vulnerabilities in Windows, SharePoint, and other software. Among them is a zero-day vulnerability in SharePoint Server that is already being exploited in attacks, alongside a publicly disclosed Windows Defender weakness dubbed 'BlueHammer'. This marks the second-largest Patch Tuesday ever, according to Tenable's Satnam Narang.

Source: krebsonsecurity.com

Critical Flaw Under Active Attack: SharePoint Server Vulnerability

Attackers are actively targeting CVE-2026-32201, a spoofing vulnerability in Microsoft SharePoint Server. The flaw allows malicious actors to present falsified content or interfaces within trusted SharePoint environments, enabling phishing and social engineering campaigns.

Mike Walters, president of Action1, warned: "This CVE can deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments. The presence of active exploitation significantly increases organizational risk."

Publicly Disclosed Windows Defender Bug Finally Patched

Microsoft also addressed CVE-2026-33825, a privilege escalation flaw in Windows Defender known as BlueHammer. The researcher who discovered it published exploit code after growing frustrated with Microsoft's response. Will Dormann of Tharros confirmed that the public exploit no longer works after installing today's patches.

"We have verified that the BlueHammer exploit code fails on patched systems," Dormann stated.

Background: A Record-Breaking Patch Tuesday

April's update includes nearly 60 browser-related vulnerabilities, setting a new record for Microsoft. Adam Barnett of Rapid7 noted: "This sudden spike in browser bugs might be linked to the buzz around Project Glasswing—a hyped but unreleased AI capability from Anthropic that is reportedly excellent at finding software flaws."

However, Barnett clarified that Microsoft Edge, based on Chromium, inherits many vulnerabilities from the open-source engine. "A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities. We should expect further increases in vulnerability reporting volume as AI models extend further."

Narang added: "April marks the second-biggest Patch Tuesday ever for Microsoft."

What This Means for Users and Organizations

Organizations must prioritize applying the SharePoint patch immediately due to active exploitation. The BlueHammer fix closes a publicly known attack vector. With over 160 vulnerabilities patched, including browser bugs, IT teams should allocate resources for comprehensive update deployment.

Separately, Google Chrome fixed its fourth zero-day of 2026, and Adobe released an emergency patch for CVE-2026-34621, an actively exploited remote code execution flaw in Adobe Reader that has been targeted since November 2025. Adam Barnett cautioned: "Regardless of your browser, completely close and restart it after updates to ensure protection."

Additional Updates: Chrome and Adobe Also Address Zero-Day Exploits

Google's Chrome update resolves a critical zero-day vulnerability, while Adobe urges users to apply the Reader patch immediately. Both fixes address flaws that attackers have actively exploited in the wild.

For more details, see the SharePoint section and BlueHammer section above.
