Microsoft patches 168 flaws, SharePoint zero-day

Microsoft has released its April 2026 security update, addressing a total of 168 vulnerabilities across its products. Among the patched flaws is an actively exploited zero-day in SharePoint that enables privilege escalation, indicating it was used in real-world attacks before a fix was available. The high volume of 168 CVEs in a single release cycle underscores the sustained and broad attack surface of Microsoft's enterprise software stack. The SharePoint vulnerability is particularly concerning as privilege escalation is a key tactic for attackers to move laterally within corporate and government networks after an initial breach.