7 Must-Know Security Updates from April 2026 Patch Tuesday

April 2026's Patch Tuesday is one for the record books. With Microsoft addressing a staggering 167 vulnerabilities—including actively exploited flaws—and Google and Adobe pushing urgent fixes for zero-days, it's a critical month for cybersecurity. This article breaks down the seven most important updates you need to understand and apply immediately.

1. SharePoint Server Zero-Day Under Active Attack (CVE-2026-32201)

One of the most dangerous vulnerabilities patched this month is CVE-2026-32201, a spoofing flaw in Microsoft SharePoint Server. Attackers can exploit it to present fake trusted content or interfaces within SharePoint sites, making it a potent tool for phishing and social engineering. Mike Walters, president and co-founder of Action1, warns that this actively exploited bug can deceive employees, partners, or customers by displaying falsified information in a trusted environment. The risk is elevated because the exploit is already being used in real-world attacks, potentially leading to unauthorized data manipulation and further compromise. Organizations that rely on SharePoint for internal collaboration should prioritize this patch immediately.

2. Windows Defender 'BlueHammer' Flaw (CVE-2026-33825)

Microsoft also closed a privilege escalation vulnerability in Windows Defender, known as BlueHammer (CVE-2026-33825). The bug, originally discovered by a researcher who later publicly released exploit code after a frustrating disclosure process, allowed attackers to elevate privileges on affected systems. Will Dormann, senior principal vulnerability analyst at Tharros, confirms that after installing today's updates, the public exploit code no longer works. This patched flaw underscores the importance of timely updates, especially for security products themselves. If you run Windows Defender—the default antivirus for many Windows users—this patch is essential to maintaining system integrity.

3. Adobe Reader Emergency Patch (CVE-2026-34621)

Adobe issued an emergency update on April 11 for a remote code execution flaw (CVE-2026-34621) in Adobe Reader. Satnam Narang, senior staff research engineer at Tenable, notes that this vulnerability has been actively exploited since at least November 2025—meaning attackers have had a five-month head start. The flaw could allow an attacker to take full control of a victim's system simply by tricking them into opening a malicious PDF file. Given the widespread use of Adobe Reader, this patch is critical for anyone who handles PDFs. Ensure your software is updated to the latest version to close this security gap.

4. Google Chrome Fixes Fourth Zero-Day of 2026

In addition to Microsoft's updates, Google released a stable channel update for Chrome that patches the browser's fourth zero-day vulnerability of 2026. While the specific CVE details were not disclosed in the original announcement, the update addresses a critical flaw that attackers could exploit to run arbitrary code. As BleepingComputer notes, this marks an alarming trend of increased zero-day activity in Chrome. To protect yourself, completely close and restart the browser after the update—merely refreshing tabs is insufficient. Chrome users should enable automatic updates or check for the latest version manually.

5. Record Number of Patches – 167 Total, Including Nearly 60 Browser Fixes

April 2026 sets a new record for Microsoft's Patch Tuesday with 167 vulnerabilities fixed. Remarkably, nearly 60 of these are browser-related, primarily in Microsoft Edge, which shares the Chromium engine. Adam Barnett, lead software engineer at Rapid7, describes this volume as "a new record in that category". He speculates that the spike might be linked to the buzz surrounding Project Glasswing—a much-hyped, unreleased AI tool from Anthropic reportedly adept at finding software bugs. However, Barnett cautions that the increase in vulnerability reporting is more likely driven by expanding AI capabilities. Expect this trend to continue as AI models become more proficient and accessible for security testing.

6. Microsoft Edge and Chromium: The AI Connection

The high number of browser patches deserves special attention. Microsoft Edge is built on Chromium, and the Chromium maintainers acknowledge a broad range of researchers for the vulnerabilities that Microsoft republished. This surge is not an anomaly but a sign of things to come. AI-powered vulnerability discovery is increasingly contributing to the volume of patches. As Adam Barnett notes, we should expect further increases as AI models improve. For users, this means more frequent browser updates are likely. Staying current with Edge updates—and by extension, Chrome updates—is vital to avoiding known exploits.

7. Final Step: Restart Your Browser (and Your System)

No matter which browser you use—Edge, Chrome, Firefox, or others—after applying these patches, it is critical to completely close and restart the browser. Many vulnerabilities are only neutralized after a full restart, which clears in-memory exploits and loads the updated code. The same principle applies to Windows updates: a system restart is often required to finalize patches. Don't postpone reboots, as that leaves your system exposed. Make it a habit to install updates and restart promptly, especially this month given the record number of fixes and active exploitation.

April 2026's Patch Tuesday is a stark reminder that cybersecurity is a continuous race. With three major vendors shipping urgent fixes for exploited flaws, the message is clear: update early and often. By following these seven key actions, you can significantly reduce your risk from these newly disclosed vulnerabilities.