Patchday: Attackers target Edge and Microsoft SharePoint Server
Due to ongoing attacks on Edge and SharePoint Servers, admins should ensure that the current Microsoft security updates are installed.
Microsoft closed more than 160 security vulnerabilities on April's Patchday. There are already attacks, and attackers are targeting SharePoint Servers in addition to the Edge web browser. A vulnerability in Defender is publicly known, and attacks may be imminent.
Patch now!
According to a warning, attackers are using the currently exploited vulnerability (CVE-2026-32201 “moderate”) in SharePoint Server for spoofing attacks over networks. Microsoft is not currently providing details on what this means, how such attacks occur, or to what extent they are taking place. However, the company states that after successful attacks, attackers can view and modify data that is supposed to be isolated. The US cybersecurity agency CISA has also issued a warning about ongoing attacks.
Through a Chromium vulnerability (CVE-2026-5281 “high”), attackers execute malicious code via a website they have set up. It is also currently unknown to what extent attackers are exploiting this vulnerability.
The publicly known vulnerability (CVE-2026-33825 “high”) in the Defender virus scanner could be the next item on attackers' agenda. If so, they could gain higher user privileges through an unspecified method, the developers warn in a post. According to the description, it could be the privilege escalation vulnerability known as “BlueHammer.” Microsoft has now apparently added login protection to the originally public GitHub repository with the exploit code, which is a further indication of this.
Further Dangers
Microsoft classifies several vulnerabilities as “critical.” These include malicious code vulnerabilities in Office (CVE-2026-32190) and Remote Desktop Client (CVE-2026-32157). Furthermore, attackers can target various Windows components, such as TCP/IP. Active Directory, Azure, and .NET Framework are also vulnerable, among others.
To make future attacks via Remote Desktop (RDP) more difficult, the developers have shipped RDP hardening with the April updates. After installation, a warning message now appears when opening RDP files, before a connection is established.
Admins should ensure that the Windows update function is active and that the latest security patches are installed. Those using Windows 10 in extended support will also receive security updates this month. Microsoft lists further information on the vulnerabilities closed this month in the Security Update Guide.
(des)