Microsoft Rolls Out Record Patch Tuesday: 169 Fixes Including SharePoint Zero-Day Exploited in the Wild
Microsoft released a record Patch Tuesday with 169 fixes across its products, highlighted by a SharePoint Server zero-day (CVE-2026-32201) that is actively exploited in the wild. The bundle also patches a Defender privilege-escalation flaw (CVE-2026-33825) tied to BlueHammer and a high-risk IKEv2 remote-code-execution issue (CVE-2026-33824) rated 9.8, along with extensive Edge updates and other critical/important vulnerabilities. Some of the flaws are listed in the CISA KEV catalog, triggering remediation deadlines for government agencies (by April 28, 2026).