Changeflow GovPing Data Privacy & Cybersecurity Microsoft April 2026 Security Updates Fix Criti...
Priority review Notice Added Final

Microsoft April 2026 Security Updates Fix Critical Vulnerabilities

Favicon for www.jpcert.or.jp JPCERT EN alerts alt
Published
Detected
Email

Summary

JPCERT/CC issued alert JPCERT-AT-2026-0010 on April 15, 2026, reporting that Microsoft released April 2026 Security Updates addressing multiple vulnerabilities in Microsoft products. Attackers could exploit these vulnerabilities to perform network spoofing or execute arbitrary code remotely without authentication. Among the vulnerabilities disclosed, CVE-2026-32201 (Microsoft SharePoint Server Spoofing Vulnerability) has been confirmed as actively exploited in the wild. JPCERT recommends applying security updates via Microsoft Update, Windows Update, or the Microsoft Update Catalog.

Why this matters

Organizations running Microsoft SharePoint Server should treat CVE-2026-32201 as a high-priority patch — JPCERT and Microsoft both confirm active exploitation, which typically indicates limited time-to-compromise in threat actor playbooks. SharePoint deployments with external-facing components or integration with identity infrastructure are particularly exposed given the spoofing and remote-code-execution vectors disclosed. Review existing patch-management SLAs and consider emergency patching procedures if the SharePoint farm has not been updated since before April 2026.

AI-drafted from the source document, validated against GovPing's analyst note standards . For the primary regulatory language, read the source document .
Published by JPCERT/CC on jpcert.or.jp . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors JPCERT EN alerts alt for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

View original document View source feed page

What changed

Microsoft released its April 2026 Security Updates on April 15, 2026, addressing multiple vulnerabilities across Microsoft products that could enable network spoofing or unauthenticated remote code execution. JPCERT/CC highlighted CVE-2026-32201, a Microsoft SharePoint Server Spoofing Vulnerability, as being actively exploited in the wild according to Microsoft's confirmed exploitation data. The alert provides direct links to Microsoft's security update guide and the Microsoft Update Catalog for applying patches. Affected organizations running Microsoft SharePoint Server or other affected Microsoft products should immediately apply available security updates through standard Windows Update mechanisms or manual download from the Microsoft Update Catalog to mitigate the risk of exploitation.

What to do next

  1. Apply security update programs through Microsoft Update, Windows Update, or Microsoft Update Catalog

Archived snapshot

Apr 23, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Microsoft Releases April 2026 Security Updates

last update: 2026-04-15
JPCERT-AT-2026-0010
JPCERT/CC
2026-04-15

I. Overview

Microsoft has released April 2026 Security Updates to address the vulnerabilities in their products. Attackers leveraging these vulnerabilities may be able to perform spoofing over a network, or execute arbitrary code remotely without authentication, etc.

Microsoft Corporation
April 2026 Security Updates
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Apr

According to Microsoft, among the vulnerabilities, the following vulnerability has been confirmed to be exploited in the wild. Please consider applying the security update programs by referring to the information provided by Microsoft.

CVE-2026-32201
Microsoft SharePoint Server Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201

II. Solution

Please apply the security update programs through Microsoft Update, Windows Update, etc.

Microsoft Update Catalog
https://www.catalog.update.microsoft.com/

Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq

III. References

Microsoft Corporation
Release Notes
https://msrc.microsoft.com/update-guide/

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (Cyber Security Coordination Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/

Was this helpful?

Yes No

Add comment:

Please use this form to send us your feedback. For more information on the individual products, please contact the developers.

To provide feedback, please enable JavaScript. Thank you. To report an incident, please click here.

Alerts&Advisories

Parties

Microsoft Corporation

Related changes

Favicon for www.jpcert.or.jp JPCERT Warns of Critical Vulnerabilities in Adobe Acrobat and Reader Allowing Arbitrary Code Execution
Priority review Apr 23, 2026 JPCERT EN alerts alt Data Privacy & Cybersecurity
Favicon for www.fsa.go.jp FSA Japan Weekly Review No.684 Regulatory Updates April 2026
Routine Apr 22, 2026 Japan Agency for Financial Services Banking & Finance
Favicon for www.jftc.go.jp Japan Investigates Microsoft Azure Antitrust Violations
Priority review Apr 22, 2026 Japan JFTC News Consumer Protection

Get daily alerts for JPCERT EN alerts alt

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.jpcert.or.jp
JPCERT EN alerts alt jpcert.or.jp/english
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from JPCERT/CC.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
JPCERT/CC
Published
April 15th, 2026
Instrument
Notice
Branch
Executive
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies Government agencies Healthcare providers
Industry sector
5112 Software & Technology
Activity scope
Software patching Vulnerability remediation Server security
Geographic scope
Japan JP

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Consumer Finance Healthcare

Browse Categories

Agriculture & Food Safety 79 AI Regulation 3 Banking & Finance 484 Consumer Protection 120 Courts & Legal 448 Data Privacy & Cybersecurity 137 Defense & National Security 53 Education 64 Energy 110 Environment 169 Gaming 2 Government & Legislation 466 Healthcare 15 Healthcare & Life Sciences 420 Immigration 10 Insurance 90 Labor & Employment 178 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 85 Securities & Markets 177 Tax 101 Telecom & Technology 49 Trade & Sanctions 157 Transportation 112

Get alerts for this source

We'll email you when JPCERT EN alerts alt publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!