April 2026 Patch Tuesday: 165 Vulnerabilities, Two Zero-Days Including One Actively Exploited

Microsoft's April 2026 Patch Tuesday addresses 165 vulnerabilities across Windows and other products, including two zero-days (one actively exploited in SharePoint and one publicly disclosed in Defender) and eight Critical issues such as an unauthenticated IKE RCE (CVE-2026-33824, CVSS 9.8). Organizations should prioritize patching internet-facing SharePoint, Defender endpoints, IKE services, Remote Desktop/Active Directory infrastructure, and Office/Word environments while validating exposure with external ASM and threat intelligence.