April 2026 Patch Tuesday: 7 Critical Updates You Must Install Now

Microsoft's April 2026 Patch Tuesday delivered a staggering 167 security fixes across Windows and related software, including a SharePoint Server zero-day already under attack, a publicly disclosed Windows Defender flaw named BlueHammer, and emergency patches from Adobe and Google. With record-high browser vulnerabilities and growing evidence of AI-driven exploit discovery, this month's update cycle is among the most urgent in recent memory. Below, we break down the seven most critical updates you need to know about—and why you should apply them immediately.

1. SharePoint Server Zero-Day: CVE-2026-32201

Attackers are actively exploiting a vulnerability in Microsoft SharePoint Server that allows spoofing of trusted content or interfaces. CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments. Mike Walters, president of Action1, warns that this flaw 'can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise.' The presence of active exploitation significantly increases organizational risk. Ensure your SharePoint servers are patched immediately to block these attacks.

April 2026 Patch Tuesday: 7 Critical Updates You Must Install Now — Source: krebsonsecurity.com

2. Windows Defender BlueHammer: CVE-2026-33825

Microsoft addressed a privilege escalation bug in Windows Defender nicknamed BlueHammer (CVE-2026-33825). The researcher who discovered it published exploit code after growing frustrated with Microsoft's response. According to Will Dormann of Tharros, the public exploit code no longer works after installing today's patches. This vulnerability could allow an attacker to gain elevated access on a system. The public exploit and active interest in this flaw make patching a high priority for all Windows users.

3. Adobe Reader Emergency Update: CVE-2026-34621

On April 11, Adobe released an emergency patch for a zero-day vulnerability in Adobe Reader that leads to remote code execution. Satnam Narang of Tenable notes that CVE-2026-34621 has been under active exploitation since at least November 2025. The flaw is being used in real-world attacks, and because Reader is widely deployed, immediate updating is critical. If you use Adobe Reader, ensure you have applied the latest version to close this actively exploited hole.

4. Google Chrome's Fourth Zero-Day of 2026

Separately from Microsoft's patches, Google released an update for Chrome fixing its fourth zero-day vulnerability of 2026. Details are sparse, but given the active exploitation of previous Chrome zero-days this year, users should update their browser immediately. No matter which browser you use, complete closure and restart after applying updates to ensure the fixes take effect.

5. Record-Breaking Browser Vulnerability Count

April's Patch Tuesday includes nearly 60 browser-related vulnerabilities, a new record according to Adam Barnett of Rapid7. Many of these affect Microsoft Edge, which is built on the Chromium engine. The sudden spike may be linked to advanced AI tools like Anthropic's Project Glasswing, though Barnett notes the bugs were reported by various researchers. The sheer volume underscores the importance of keeping browsers updated and restarting them after patching.

6. AI's Growing Role in Vulnerability Discovery

Adam Barnett suggests that the increase in vulnerability reporting volume is driven by ever-expanding AI capabilities. 'We should expect to see further increases as the impact of AI models extend further, both in terms of capability and availability,' he says. The buzz around Project Glasswing—an unreleased Anthropic AI that excels at finding bugs—hints that future Patch Tuesdays may continue to set records. Organizations should prepare for a higher cadence of security updates.

7. Don't Forget to Restart Your Browser

Regardless of which browser you use—Edge, Chrome, Firefox, or another—applying security updates isn't complete until you fully close and restart the browser. Many browser vulnerabilities, including those patched this month, require a restart to take effect. Make restarting a habit after any browser update to ensure you're protected against active exploits.

This April's Patch Tuesday is a stark reminder of the evolving threat landscape. With active zero-days, public exploit code, and AI-driven discovery, the window between disclosure and exploitation is shrinking. Install updates now across all affected software—SharePoint, Windows Defender, Adobe Reader, Chrome, and Edge—and restart browsers promptly. Stay vigilant.