One Exploited Zero-Day and Record Numbers: The April 2026 Windows Patch Tuesday Breakdown

Posted on by Martin Brinkmann

If March 2026 was a marathon of infrastructure updates, April is a massive avalanche of patches.

Microsoft’s fourth Patch Tuesday of 2026 has arrived, addressing a massive 165 vulnerabilities in total. The sheer volume demands attention. It contains two 0-day vulnerabilities — one of which is actively exploited in the wild — and eight critical flaws affecting a wide range of products, including Office, SharePoint, Microsoft Defender, and Azure.

Here is the breakdown of what you need to know, what to patch first, and what might break.

The April 2026 Patch Day overview

Executive Summary

  • Release Date: April 14, 2026
  • Total Vulnerabilities: 165
  • Critical Vulnerabilities: 8
  • Zero-Days: 2 (SharePoint [Actively Exploited], Microsoft Defender [Publicly Disclosed])

Key Action Item: Administrators must prioritize patching internet-facing SharePoint servers due to the actively exploited spoofing zero-day. Simultaneously, network infrastructure and Active Directory components need immediate updates to mitigate several highly critical Remote Code Execution vulnerabilities.

Important Patches

  • CVE-2026-32201 — Microsoft Office SharePoint Spoofing Vulnerability
  • CVE-2026-33825 — Microsoft Defender Elevation of Privilege Vulnerability
  • CVE-2026-33824 — Windows Internet Key Exchange (IKE) Extension Remote Code Execution Vulnerability
  • CVE-2026-33827 — Windows TCP/IP Remote Code Execution Vulnerability
  • CVE-2026-33826 — Windows Active Directory Remote Code Execution Vulnerability
  • CVE-2026-23666 — .NET Denial of Service Vulnerability

Cumulative Updates

Product, VersionLinksNotes
Windows 11 & Windows 10KB5082200 (Windows 10)
KB5083768 (Windows 11, 26H1)
KB5083769 (Windows 11, version 25H2 and 24H2)

Security updates addressing OS-level RCEs in TCP/IP, IKE, and Active Directory components. Also resolves numerous Elevation of Privilege (EoP) flaws across Windows Kernel, Boot Loader, and BitLocker.
Microsoft SharePoint ServerPatches for SharePoint 2016, 2019, and Subscription Edition to address the actively exploited CVE-2026-32201 spoofing flaw.
Microsoft OfficeSecurity updates addressing multiple Critical Use-After-Free and Untrusted Pointer Dereference vulnerabilities resulting in local code execution

Deep Dive: The Critical Vulnerabilities

Microsoft confirmed that it patched two 0-day vulnerabilities this Patch Day and several critical remote code execution flaws.

Here is the critical overview:

CVE-2026-32201 (Microsoft Office SharePoint Spoofing Vulnerability)

This actively exploited zero-day allows an unauthorized attacker to perform spoofing over a network due to improper input validation in Microsoft Office SharePoint. An attacker who successfully exploits this can view sensitive information and make changes to disclosed information.

CVE-2026-33825 (Microsoft Defender Elevation of Privilege Vulnerability)

A publicly disclosed zero-day flaw in Microsoft Defender that allows privilege escalation to SYSTEM privileges. Microsoft has addressed the flaw in the Microsoft Defender Antimalware Platform update version 4.18.26050.3011, which should be downloaded to (most) systems automatically.

CVE-2026-33824 (Windows Internet Key Exchange (IKE) Extension RCE)

A critical double-free vulnerability in the Windows IKE extension. An unauthenticated attacker can send specially crafted packets to a Windows machine with IKE version 2 enabled to potentially achieve remote code execution. If IKE is not in use, blocking inbound traffic on UDP ports 500 and 4500 acts as a mitigation.

CVE-2026-33827 (Windows TCP/IP Remote Code Execution)

A critical race condition vulnerability in Windows TCP/IP that can result in remote code execution. An unauthenticated actor can send specially crafted IPv6 packets to a Windows node where IPSec is enabled to potentially achieve RCE.

CVE-2026-33826 (Windows Active Directory Remote Code Execution)

A critical improper input validation flaw in Windows Active Directory. It allows an authenticated attacker to execute code over an adjacent network.

First Steps: Your Patch Tuesday Strategy

  • Prioritize the SharePoint zero-day
  • Address network and directory risks
  • Update Office installations

Brave is getting Container support and the feature has made a big jump recently

Posted on by Martin Brinkmann

Firefox fans have long heralded the browser’s Multi-Account Containers feature as an exclusive that users of Chromium-based browsers did not have. Soon, Brave Brower users may also make use of a Containers feature, ending Firefox’s exclusivity.

Brave has begun rolling out native Container support as an experimental flag in its desktop browser as of April 2026. It allows users of the browser to isolate web sessions better and even get options to open multiple accounts of the same site in a single browser window without using clunky workarounds or third-party extensions.

The Core Concept: Session Isolation

At its core, the Containers feature creates isolated islands within a single browser window. Each container acts as a separate, sandboxed environment. Data, including cookies, local storage, or cached files, can’t be seen or accessed by tabs in another container or by the default container-less environment.

Since data is sandboxed, it is possible to sign-in to the same site in different containers in the same browser window using a single profile, or to open a site with an account and without one at the same time. Furthermore, since data is separate, tracking becomes less effective as the trackers can only see what is going on in a single container and not the entire browser.

Containers works with tab groups and all core features of the browser, including browser extensions.

The feature is available in Brave Nightly only at the time. You need to load brave://flags, search for Enable Containers, and toggle the feature to Enabled to start using it. A restart of the browser is required as usual before it becomes available.

Since this feature is in Nightly, it may have bugs and may not be as polished as the stable version that Brave Software plans to ship in a later version of the browser.

Windows 11 is removing an option to bypass Microsoft account and internet during setup

A More User-Friendly Way to Pause Windows 11 Updates is Coming

Posted on by Martin Brinkmann

Say goodbye to the rigid weak week-timers that have long dictated your PC’s maintenance schedule. Microsoft is currently testing a significant overhaul to its update system in the latest Windows 11 Insider builds, replacing the clunky dropdown menu with a user-friendly calendar picker.

First spotted by researcher PhantomOfEarth, this new feature allows users to select a specific date to resume updates. A much needed improvement as it is giving Windows users granular control when they machines reboot and install updates for the operating system.

The Pause Updates feature of the Settings app is not the only option that Windows administrators have regarding updates, but it is the most visible.

Here is a quick overview of what is available:

1. The Standard Settings Method (Temporary)

The most common way is through the built-in settings, though it currently lacks the granular “pick a date” flexibility coming in the update.

  • How to do it: Go to Settings > Windows Update and look for Pause updates.
  • The Limitation: Currently, you can only choose from preset increments (1 week, 2 weeks, etc.) up to a maximum of 5 weeks. Once that time expires, you must install the pending updates before you can pause again.

2. Set as “Metered Connection” (Passive Pause)

Windows will not automatically download most updates if it thinks you are on a data-capped connection.

  • How to do it: Go to Settings > Network & internet > Wi-Fi (or Ethernet), select your network properties, and toggle Metered connection to “On.”
  • Effect: This delays large updates indefinitely, though critical security patches may still bypass this setting.

3. Disable the Windows Update Service (Semi-Permanent)

You can stop the background service that checks for updates entirely.

  • How to do it: Press Win + R, type services.msc, and find Windows Update. Right-click it, select Properties, set the “Startup type” to Disabled, and click Stop.
  • Note: Windows may eventually restart this service on its own during system maintenance.

4. Group Policy Editor (For Pro & Enterprise Users)

If you have a Pro or Enterprise version of Windows, you can use the Group Policy Editor for more control.

  • How to do it: Press Win + R, type gpedit.msc, and navigate to:Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience.
  • The Fix: Double-click Configure Automatic Updates and set it to Disabled. This stops the automatic check entirely until you turn it back on.

5. Registry Editor (The “Home” Edition Workaround)

Since Home users don’t have the Group Policy Editor, they can achieve the same result via the Registry.

  • How to do it: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows.
  • The Fix: Create a new key called WindowsUpdate, then a sub-key named AU. Inside AU, create a DWORD (32-bit) value named NoAutoUpdate and set its value to 1.

6. Third-Party Tools

There are several lightweight, community-trusted tools designed specifically to “kill” Windows updates with one click, such as Windows Update Blocker (WUB) or WuMgr. These are popular for users who want to prevent updates without digging through system menus.

Microsoft is Radically Changing the Windows Insider Program

Posted on by Martin Brinkmann

If you’ve ever felt completely lost in the web of Windows testing tiers or frustrated by slow A/B feature rollouts, relief may finally have arrived.

Microsoft announced a big overhaul of the Windows Insider Program this week designed to simplify how users test development builds of the operating system.

The company is cutting down the channel list to just two primary ones — Beta and Experimental — and is finally changing how experimental features land on test systems.

Here is a breakdown of the major changes:

  • Two Streamlined Channels: The previously confusing multi-tier system is being condensed into just two primary tracks: Experimental (which replaces the Dev and Canary channels) and Beta (for features that are closer to being ready for the public).
  • The End of A/B Testing: Microsoft is officially dropping its Controlled Feature Rollout (CFR) system for Beta channel participants. This means no more waiting in the dark while other testers randomly receive new features before you do.
  • Manual Feature Flags: You are finally getting direct control over your testing experience. Moving forward, Insiders can manually toggle new features on or off directly within Windows Settings as soon as they are documented in the changelogs.
  • No More “Clean Install” Trap: Historically, leaving the Insider program or dropping down to a more stable channel often required a complete, data-wiping OS reinstall. Microsoft is fixing this by allowing in-place upgrades (IPU), meaning you can transition channels or exit the program while keeping your files and apps intact.
  • Clearer Communication: Release notes and documentation will be much more explicit about who features are for and which channel they belong to, giving IT admins, developers, and enthusiasts a much more transparent roadmap of what to expect.

From a testing perspective, Microsoft is launching several improvements. First, Beta users get access to features directly. No more waiting or using of third-party tools like ViVeTool to enable them.

Second, users in the experimental channel get options to turn certain features on, if they are not already enabled.

Third, switching between channels should get easier and less cumbersome.

Last but not least, more documentation is always welcome, as Microsoft’s attempts have been lackluster at best until now.

While the announcement may instill hope in Windows testers who have been disappointed by Microsoft so far, it is clear that Microsoft has to deliver. If the company does, it could improve its Windows Insider program significantly in the process.

New YouTube Premium Rates: US Prices Rise to $15.99

Posted on by Martin Brinkmann

Like clockwork subscription prices are increasing. Last month, it was Netflix that announced a price hike in the United States. Customers have to pay between $1 and $2 extra per month to continue streaming Netflix-content to their devices.

Just a few weeks later, it is Google that is quietly raising prices for YouTube Premium subscriptions in the United States.

Here is what is changing:

  • Individual Plan: Increased from $13.99 to $15.99 per month
  • Family Plan: Increased from $22.99 to $26.99 per month
  • Annual Plan: Increased from $139.99 to $159.99 per year
  • Premium Lite: Increased from $7.99 to $8.99 per month

So, users pay between $1 to $4 more per month, or $20 when they pay yearly. The change affects Apple users as well. Users who subscribe through the Apple App Store or an iOS device pay a premium, and this remains. The individual plan costs $20.99 per month when subscribed this way.

That is why it is advised to subscribe using a web browser to get the lower rate.

The new price is already shown to users who open the official YouTube Premium subscription page on the website. Google, however, has not announced the price increase officially on any of its official blogs.

Premium subscribers may stream videos without ads on YouTube. They do get access to YouTube Music and some other — mostly artificially limited — features, including background play or continue watching.

YouTube Lite subscribers pay less, but they get limited features. They get ads on some video formats and types, and the ability to play in background or download videos is also limited.

Good content blockers continue to work in browsers and apps like NewPipe or SmartTube continue to work on Android TVs as well, albeit with frequent interruptions caused by changes on YouTube.

WhatsApp is rolling out long-overdue username privacy feature

Posted on by Martin Brinkmann

If you use the popular messaging service WhatsApp, you know that you can only add contacts to the service with a phone number. Don’t have the number registered to a WhatsApp account? Then you can’t add the contact to the app.

Clearly, having to share your phone number is not always a good idea. While you may not have any issues sharing it with close friends or family, giving it to others is another matter.

It is a privacy and security issue. Other messengers support usernames, which do not reveal critical information to a third-party.

WhatsApp started to work on usernames about three years ago, but the Meta-owned app is just about to start rolling the feature out to a first batch of users, reports WABetaInfo.

You can add a username in the settings. Once you do, you may share the username with others to get them to add you to the messenger. Good news is that you can further protect the username with a code, which others need to provide when they try to add you.

However, there are quite a few limitations regarding usernames. Here are noteworthy ones:

  • The username can be between 3 and 23 characters in length.
  • It needs to start with a letter, and can only contain letters, numbers, underscore, and a period.
  • It can’t be a domain name or start with www.
  • It can’t be taken, if someone on Instagram or Facebook picked it already. The user who picked it can get it on WhatsApp.

Support for usernames is a welcome addition. While some Internet users prefer to use other messaging clients, those who offer more privacy, WhatsApp’s users will certainly benefit from the feature.

No official ETA or confirmation by Meta at this point though. Might take months or even longer before the feature lands for most users.

VeraCrypt developer claims that Microsoft has terminated his account

Posted on by Martin Brinkmann

VeraCrypt is a popular cross-platform encryption software that is available for Windows, Linux and macOS. It is one of the successors of TrueCrypt and can be used to encrypt hard drives, including system drives, and to create data containers on drive that are encrypted.

The developer of the application, Mounir Idrassi, published a project update on Sourceforge a few days ago. There, he explained why the project had been silent for the past few months.

According to his description, Microsoft terminated the account that he used to sign Windows drivers and the bootloader. This affects the Windows version of the encryption software, as updates can’t be signed anymore because of this. The Linux and macOS versions of the software are not affected by this.

To make matters worse, a screenshot with a message by Microsoft suggests that an appeal is not available. It is unclear what that means for the project. While a solution may be found eventually, likely through enough outside pressure to get a Microsoft representative to look at the case, it is certainly problematic when a company that operates its own encryption software — Microsoft with BitLocker — is blocking a competitor from releasing updates for his.

Report: Windows has a new 0-day vulnerability called BlueHammer

Posted on by Martin Brinkmann

The next Windows Patch Day is just a week away and it is unclear whether it will include a fix for a recently disclosed 0-day vulnerability.

The new security vulnerability has been disclosed on GitHub, including proof of concept code to exploit the issue. However, there is no explanation how the issue works.

Well-known security researcher Will Dormann commented on the issue and confirmed that it is working. He admitted that it “may not be 100%” reliable though. It seems that frustration with MSRC, the Microsoft Security Research Center, and how it operates, was the reason for the public disclosure of the vulnerability. Whether that is true or not can’t be verified though.

So, what do we know about the vulnerability so far?

  • What it is: “BlueHammer” is an unpatched zero-day Local Privilege Escalation (LPE) vulnerability affecting Microsoft Windows.
  • Impact: It allows a local attacker with limited, low-level user access to escalate their permissions to SYSTEM or elevated administrator rights. This effectively grants the attacker full control over the compromised machine.
  • Current Status: Microsoft has not yet released an official patch or mitigation, making it a true zero-day.

Security experts (such as Will Dormann) describe it as a flaw that combines a TOCTOU (Time-of-Check to Time-of-Use) vulnerability with path confusion. At a high level, it appears to weaponize Windows Defender-related interfaces (the leaked source code contains files like windefend.idl and windefend_c.c). By bypassing the system’s original validation, a local attacker can gain access to the Security Account Manager (SAM) database, which stores local account password hashes, ultimately allowing them to spawn SYSTEM-level shells.

Good news is that the flaw is a local privilege escalation, which means that attackers can’t exploit it to hack into Windows PCs remotely. However, if they were to gain access to a Windows system, they could use it to expand access or even take over a system completely.

How to batch test archives on Windows

Posted on by Martin Brinkmann

File archives serve plenty of purposes. They compress one or multiple files and folders and make them available as a single file; ideal for distribution and storage.

Many backup tools, for instance, support compressing backups to save storage space.

But how do you ensure that the archives are not corrupt? There are several options, including generating hashes and running verifiers.

However, if you have not created hashes in first place or find this too time consuming or unmanageable, you could test the archives directly using archivers.

PeaZip is an open source archiver for several operating systems. Version 11.0 was released recently and it includes a batch testing option.

Throw any number of support archive formats at the app and it will check each archive. It does so automatically and the only exception to that is when it encounters a password protected archive, as it will prompt for the password in that case.

You get a full list of results in the end that you can go through to find any archives that are damaged.

PeaZip supports all major archive formats. To name a few: ZIP, 7z, BR, TAR, ZipX, RAR, APK, CAB, ISO, and ACE.

Here is how you run the test:

  1. Download and install the latest version of the archiver. You can download a portable version or use winget install -e peazip to install it from the command line.
  2. Open the application and use the file manager to navigate to the folder with the archives that you want to test.
  3. Select them all, for instance by holding down Ctrl and left-clicking on each archive, using Ctrl-A, or right-clicking and picking “select all” from the context menu.
  4. Right-click on the selection and select More > Test to start the verification process.

PeaZip tests one archive after another, displaying results in a separate window. You could move all archives into a single folder to make this operation easier, or switch folders to continue testing archives.

All in all, this is a straightforward option to batch test archives on Windows (or any other of the supported operating systems).

Windows 11 Insiders may finally be getting better testing access

Posted on by Martin Brinkmann

One of the most frustrating experiences as a Windows Insider is the Controlled Rollout feature in my experience. You sign up to beta test Windows 11 versions and instead of getting all features ready for testing, Microsoft is limiting access to new features.

While you can enable the features with the ViVeTool, doing so requires more steps and is not super comfortable. Still, it is the only reliable option to enable features that are on “roll out” immediately on a Windows 11 system.

Serial leaker Phantom of Earth discovered a hidden feature in recent Insider builds of Windows 11 that should make things easier for users.

Microsoft is apparently working on integrating its own “ViVeTool-like” interface in the Settings. This means that testers can enable certain features, that are on rollout, directly there.

The full functionality is unknown at this point. Will all features be listed there or only handpicked ones by Microsoft? We do not know at this point. There is also the chance that Microsoft is having a change of heart at one point.

Also, it appears that the change targets Insider versions only and not stable builds. Stable Windows 11 users who want to enable some features directly will therefore still have to use the ViVeTool to do so.

If done right, it could improve testing certain Windows 11 features and changes for many testers.