Microsoft Addresses 165 Vulnerabilities in Record Patch Tuesday Update
Microsoft has released its latest Patch Tuesday update, addressing 165 vulnerabilities across its products and underlying systems, the second-largest monthly release in the company’s history. The release includes one actively exploited zero-day vulnerability in Microsoft Office SharePoint.
"By my count, this is the second-largest monthly release in Microsoft’s history."
Why the Surge in Vulnerabilities?
While Microsoft did not explain the significant increase in this month’s patch batch, Childs noted that many vulnerability programs are experiencing a substantial rise in submissions driven by artificial intelligence tools.
"For us, our incoming rate has essentially tripled, making triage a challenge, to say the least."
Actively Exploited Zero-Day: CVE-2026-32201
The zero-day vulnerability, identified as CVE-2026-32201, has a CVSS rating of 6.5. It allows attackers to view sensitive information and make unauthorized changes. Microsoft confirmed that the improper input validation defect in Microsoft Office SharePoint enables unauthenticated attackers to perform spoofing over a network.
The Cybersecurity and Infrastructure Security Agency (CISA) added this zero-day to its Known Exploited Vulnerabilities Catalog shortly after Microsoft’s disclosure.
High-Severity Vulnerability: CVE-2026-33825
Microsoft also addressed a high-severity vulnerability, CVE-2026-33825, which was publicly known at the time of release. This defect in Microsoft Defender is designated as more likely to be exploited and could allow unauthorized attackers to elevate privileges locally.
"What starts as a foothold can quickly become full system domination."
"Once exploited, it allows full control over endpoints, enabling data exfiltration, disabling security tools and lateral movement across networks."
Proof-of-concept exploit code for this defect is publicly available, increasing the likelihood of real-world exploitation.
Critical Vulnerabilities Addressed
Microsoft disclosed two critical vulnerabilities this month:
- CVE-2026-33824: Affects Windows IKE Extension and is designated as less likely to be exploited.
- CVE-2026-26149: Affects Microsoft Power Apps and is also designated as less likely to be exploited.
Likelihood of Exploitation
According to Microsoft, more than three-quarters of the vulnerabilities disclosed this month are less likely to be exploited. Meanwhile, the company designated 19 vulnerabilities as more likely to be exploited.
The full list of vulnerabilities addressed in this month’s Patch Tuesday update is available from the Microsoft Security Response Center.