By Dark Reading
Publication Date: 2026-04-14 21:22:00
It’s another all hands on deck Patch Tuesday.
Microsoft released patches for a near record 165 CVEs, one of which attackers are already actively exploiting and another that’s publicly known but so far remains unexploited.
Microsoft assessed 19 of the newly disclosed vulnerabilities as flaws that attackers are more likely to exploit, meaning they need high-priority attention. In keeping with a relatively recent trend, nearly 60% of the patched flaws this month are elevation-of-privilege bugs, followed by remote code execution (RCE) flaws and information disclosure bugs.
Elevation of Privilege Bugs Galore
“Elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April,” said Satnam Narang, senior staff research engineer at Tenable, in emailed comments. “RCE vulnerabilities have dropped to just 12%, tied with information disclosure vulnerabilities this month.” The 165 flaws Microsoft patched…
