Zero Day Initiative | Blog
Follow
The April 2026 Security Update Review
April 2026's Patch Tuesday is significant due to a high volume of fixes and active exploits. Adobe released 12 bulletins addressing 61 CVEs in various products, with one Acrobat Reader bug being actively exploited. A separate Adobe ColdFusion bug also has a deployment priority of one. Microsoft released a massive 163 new CVEs across numerous products and components, totaling 247 with third-party fixes. One Microsoft SharePoint Server Spoofing Vulnerability is actively exploited, and a Defender Elevation of Privilege Vulnerability is publicly known. Two critical Windows vulnerabilities, one in TCP/IP and another in IKE, are potentially wormable. The size of Microsoft's release might be due to increased AI-driven vulnerability submissions. Prioritize patching actively exploited vulnerabilities in Adobe Reader and Microsoft Sharepoint. Enterprises using IPv6 or IKE should expedite patching related to their respective vulnerabilities. Testing and deploying the Microsoft Defender fix is crucial for those relying on it.