
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

Full text

Title: Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

URL Source: https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/

Published Time: 2026-04-14T20:27:56.000Z

# Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

By [Nick Biasini](https://blog.talosintelligence.com/author/nick-biasini/)

Tuesday, April 14, 2026 16:27

[Patch Tuesday](https://blog.talosintelligence.com/category/microsoft-patch-tuesday/)

Microsoft has released its monthly security update for April 2026, which includes 165 vulnerabilities affecting a wide range of products, including eight that Microsoft marked as “critical.”

[CVE-2026-23666](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666) is a critical Denial of Service (DoS) vulnerability that affects the .NET framework. Successful exploitation could allow the attacker to deny service over the network.

[CVE-2026-32157](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157) is a critical use-after-free vulnerability in the Remote Desktop Client that results in code execution.

[… 6,068 characters omitted; next zone: keyword-dense paragraphs …]

[CVE-2026-33115](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33115) is a critical use-after-free vulnerability in Microsoft Office Word that can result in local code execution. Similar to CVE-2026-33114 and CVE-2026-32190, the attacker is remote, but code needs to be executed from the local machine to exploit the vulnerability.

[CVE-2026-33827](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827) is a critical race condition vulnerability in Windows TCP/IP that can result in remote code execution. Successful exploitation requires the attacker to win a race condition along with additional actions prior to exploitation to prepare the target environment. An unauthenticated actor can send specially crafted IPv6 packets to a Windows node where IPSec is enabled to potentially achieve remote code execution.

A complete list of all other vulnerabilities Microsoft disclosed this month is available on its [update page](https://msrc.microsoft.com/update-guide/). In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on [Snort.org](http://snort.org/).

[CVE-2026-33824](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824) is a critical double free vulnerability in the Windows Internet Key Exchange (IKE) extension, allowing remote code execution. An unauthenticated attacker can send specially crafted packets to a Windows machine with IKE version 2 enabled to potentially enable remote code execution.

[CVE-2026-32201](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201) […]

[… 5,621 characters omitted; next zone: tail …]
