Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday

Microsoft’s April Patch Tuesday covers 163 CVEs across 17 product families, including eight Critical and many Important issues; one SharePoint spoofing zero-day (CVE-2026-32201) is confirmed exploited in the wild and a Defender elevation-of-privilege bug (CVE-2026-33825) was publicly disclosed prior to the patches. Notable high-risk items include a 9.8 CVSS RCE in IKE (CVE-2026-33824) and multiple Office/365 and Windows kernel issues; the report includes exploitability timelines, Sophos detection mappings, per-product appendices, and a CWE breakdown showing heavy prevalence of use-after-free and race conditions.