Microsoft’s massive Patch Tuesday: It’s raining bugs

Microsoft’s massive Patch Tuesday: It’s raining bugs

By Jessica Lyons
Publication Date: 2026-04-14 20:40:00

Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April’s mega Patch Tuesday.

The monthly patch party included a whopping 165 new Microsoft CVEs.

And the bug under active exploitation, CVE-2026-32201, is due to improper input validation in SharePoint that allows an unauthorized attacker to perform spoofing over a network. This could allow someone to view sensitive information and make changes to disclosed information.

“By exploiting this flaw, an attacker can manipulate how information is presented to users, potentially tricking them into trusting malicious content,” Mike Walters, president and cofounder of patch management provider Action1, told us, adding that this bug can be abused in phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise.