Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
Cisco Talos summarizes Microsoft’s April 2026 Patch Tuesday, which fixes 165 vulnerabilities across Windows, Office, .NET, Active Directory, SharePoint, and network-facing components, with eight rated critical. The highest-risk issues include memory corruption bugs such as a Remote Desktop Client use-after-free (CVE-2026-32157), Office use-after-free and pointer dereference flaws (CVE-2026-32190, CVE-2026-33114, CVE-2026-33115), a double-free in the Windows IKE extension reachable via crafted UDP 500/4500 traffic (CVE-2026-33824), and a Windows TCP/IP race condition triggered by malicious IPv6 packets when IPsec is enabled (CVE-2026-33827). Talos also highlights CVE-2026-33826, where authenticated attackers in the same restricted AD domain can send crafted RPC calls to achieve adjacent-network RCE, and CVE-2026-32201, a SharePoint spoofing bug already observed in the wild that can expose and alter sensitive information. The post is mainly a defender-oriented triage guide rather than root-cause research, but it is technically useful because it identifies exploit preconditions, affected subsystems, and corresponding Snort coverage for several of the patched bugs.