April 2026 Patch Tuesday: 10 Critical Security Updates You Can't Ignore

Microsoft's April 2026 Patch Tuesday is here, and it's a whopper. The company has released fixes for a staggering 167 security vulnerabilities across Windows, Office, and other software. This includes a zero-day in SharePoint Server already under attack, a publicly disclosed Windows Defender bug called 'BlueHammer,' and an emergency Adobe Reader patch for an exploited flaw. Not to be outdone, Google Chrome also patched its fourth zero-day of the year. Below are 10 crucial things you need to know about this month's updates to keep your systems safe.

1. A Record Number of Patches

This Patch Tuesday marks the second-largest ever, with 167 vulnerabilities fixed. Nearly 60 of those are browser-related, a surprising spike. While some speculate this is tied to Anthropic's new AI bug-hunting tool, Project Glasswing, the real driver is Chromium's expanded researcher acknowledgment program. Microsoft Edge is built on Chromium, so many flaws were disclosed and patched collectively. Expect this number to grow as AI aids vulnerability discovery.

2. SharePoint Zero-Day Under Active Attack

Tracked as CVE-2026-32201, this vulnerability allows attackers to spoof trusted content or interfaces in SharePoint Server. It's already being exploited in the wild. According to Mike Walters of Action1, this can lead to phishing attacks, unauthorized data manipulation, or social engineering campaigns that compromise organizations. If you use SharePoint, prioritize this patch immediately.

3. BlueHammer: Windows Defender Bug Now Fixed

The publicly disclosed privilege escalation flaw in Windows Defender, dubbed BlueHammer (CVE-2026-33825), has been patched. The researcher who discovered it published exploit code after frustration with Microsoft's response. Will Dormann of Tharros confirmed that the exploit code no longer works after applying today's updates. This underscores the importance of timely patching even for 'less critical' bugs.

4. Adobe Reader Emergency Patch

Adobe released an out-of-band update on April 11 for CVE-2026-34621, a remote code execution flaw in Adobe Reader that has been actively exploited since at least November 2025. Satnam Narang of Tenable notes that exploitation was ongoing for months before the patch. Ensure your Acrobat Reader is updated to the latest version to block potential attacks.

5. Google Chrome's Fourth Zero-Day of 2026

Google fixed yet another zero-day vulnerability in Chrome this month, the fourth of the year. While details are sparse, these flaws are typically exploited in targeted attacks. If you use Chrome or any Chromium-based browser (like Edge or Brave), update to the latest version immediately. Restart the browser fully after updating to apply the fix.

6. The AI Hype vs. Reality

Last week's announcement of Project Glasswing, an AI from Anthropic said to be excellent at finding bugs, sparked speculation about this patch surge. Adam Barnett of Rapid7 clarifies that while AI capabilities are expanding, the immediate spike comes from Chromium's vulnerability reporting practices. Still, we'll likely see ever-increasing volumes of flaws discovered by AI tools, so prepare for more frequent updates.

7. Restart Your Browser to Stay Protected

No matter which browser you use, simply installing the update isn't enough. You must completely close and restart the browser for the patches to take effect. Many exploits target in-memory vulnerabilities that persist until the application is fully terminated. Don't skip this step—it's vital for your security.

8. Implications for Your Organization

The SharePoint zero-day and BlueHammer highlight ongoing risks. Attackers can use SharePoint spoofing to trick employees into revealing credentials or manipulating data. BlueHammer could allow an attacker to gain elevated system access. Combined with the Adobe flaw, this month's patches are critical for defending against both remote and local attacks. Prioritize testing and deployment across your network.

9. Expert Insights on the Updates

Security professionals stress the urgency. Walters warns that active exploitation of the SharePoint bug significantly increases risk. Dormann's confirmation that BlueHammer exploit code is now neutered shows the patch works. Narang highlights the prolonged exploitation of the Adobe flaw. Barnett notes that while AI may be a factor, the real lesson is to stay vigilant and update promptly.

10. Immediate Steps to Take

First, apply all Microsoft patches via Windows Update or your management tool. Second, update Adobe Reader from its official site. Third, update Chrome (or Edge) and restart the browser. Fourth, ensure your antivirus definitions are current. Finally, educate users about phishing risks related to SharePoint spoofing. With 167 vulnerabilities fixed, don't delay—your security depends on it.

April 2026's Patch Tuesday is a forceful reminder that software vulnerabilities continue to multiply. Between record numbers of patches, active exploits, and AI-driven discovery, staying up-to-date is no longer optional—it's a necessity. Review your patching strategy, communicate with your team, and act now to protect your systems.