Patch Tuesday, April 2026 Edition

Tuesday, April 14, 2026 at 09:47 PM UTC·Source: Krebs on Security

Updated: Tuesday, April 14, 2026 at 09:50 PM UTC

Executive Summary

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that ca

Analysis

Indicators of Compromise (4)

CVE (4)

CVE-2026-32201

CVE-2026-33120

CVE-2026-33825

CVE-2026-34621

Source Attribution

Originally published by Krebs on Security on Apr 14, 2026.

Related Threats

CRITICALZero DayPOC

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.

5h agoThe Record

CRITICALZero Day

Gogs Zero-Day Exposes Servers to Remote Code Execution

The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek .

6h agoSecurityWeek

CRITICALZero DayPOC

Microsoft Threatens Legal Action Over Zero-Day Leaks

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/microsoft-threatens-legal-action-over-zero-day-leaks-image_small-3-a-31807.jpg" align=right hspace=4><b>Security Researchers Fear Broader Legal Pressure on Bug Disclosures</b><br>Microsoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code following a breakdown in coordinated discl

19h agoBank Info Security