
Microsoft Fixes Two Zero-Days in April Patch Tuesday

Infosecurity Magazine, 15/04/2026, 09:10

Summary

AI-Generated

Key Points:

  • CVE-2026-32201 is a server spoofing vulnerability in SharePoint that is actively exploited, allowing unauthorized attackers to manipulate user information and potentially facilitate phishing attacks. Its impact includes the ability to deceive users within trusted environments, leading to unauthorized data manipulation and social engineering campaigns.
  • CVE-2026-33825 is an elevation of privilege vulnerability in Microsoft Defender that could allow attackers to gain system-level access and execute further attacks.
  • Immediate patching of these vulnerabilities is recommended, especially for environments with SharePoint and Microsoft Defender. Additionally, organizations should monitor for signs of exploitation and strengthen internal security measures.

Technical Details: CVE-2026-32201 allows spoofing through improper input validation in SharePoint, while CVE-2026-33825 enables elevation of privilege in Microsoft Defender and could potentially be chained with other vulnerabilities for broader attacks.

MITRE ATT&CK Techniques:

  • T1566 - Phishing (Initial Access)
  • T1078 - Valid Accounts (Defense Evasion, Persistence, Privilege Escalation)

IOCs Mentioned: None mentioned.
