Warning: Microsoft Patch Tuesday April 2026 patches 163 vulnerabilities (8 Critical, 154 Important, 1 Moderate), patch Immediately!!

    * Published: 15/04/2026

    * Last Update: 16/04/2026

    * Affected products:
         → Multiple Microsoft products

    * Type: Several types, ranging from Tampering to Remote Code Execution and Privilege Escalation.

    * CVE/CVSS:
Microsoft patched 163 vulnerabilities in its March 2026 Patch Tuesday release, 8 rated as critical and 154 rated as important, including 2 0-day vulnerabilities and 1 vulnerability that is actively exploited.

Number of CVE by type:

         → 20 Remote Code Execution vulnerabilities
         → 93 Elevation of Privilege vulnerabilities
         → 20 Information Disclosure vulnerabilities
         → 8 Spoofing vulnerabilities
         → 9 Denial of Service vulnerabilities
         → 12 Security Feature Bypass vulnerabilities
         → 1 Tampering vulnerability

Sources

Microsoft - https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr

Risks

Microsoft’s April 2026 Patch Tuesday includes 163 vulnerabilities (8 critical, 154 important, 1 moderate and 0 low) across a wide range of Microsoft products, impacting Microsoft Server and Workstations. This Patch Tuesday includes 1 actively exploited vulnerability and 2 0-Days. Some other vulnerabilities are also more likely to be exploited soon; therefore, urgent patching is advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to draw your attention to the following vulnerabilities:

CVE-2026-32201: Microsoft SharePoint (Zero-day, Actively exploited)

Spoofing Vulnerability. Microsoft does not specify how this zero-day vulnerability is being exploited. However, according to Zero Day Initiative, spoofing bugs in SharePoint often manifest as cross-site scripting (XSS) bugs. An attacker who successfully exploited the vulnerability could view some sensitive information and make changes to disclosed information.

Note that there is another vulnerability affecting SharePoint included in this Patch Tuesday. CVE-2026-20945 is also a spoofing vulnerability and it can be exploited via cross-site scripting. Microsoft indicates that there might be multiple update packages for this software and that all applicable updates should be installed.

CVE-2026-33825: Microsoft Defender (Zero-Day)

Elevation of Privilege vulnerability. This flaw, rated as important, lies in insufficient granularity of access control in Microsoft Defender, which allows an authorized attacker to elevate privileges locally. The description of the flaw matches that of BlueHammer, zero-day exploit code released publicly earlier in April. Note that no action is required to install this update, as this happens automatically.

16/04/2026 Update: A Proof-of-Concept has been released to exploit this vulnerability.

CVE-2026-33826: Windows Active Directory

Remote Code Execution Vulnerability. There is a critical flaw in Windows Active Directory where improper input validation allows an authorized attacker to execute code over an adjacent network. To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host, resulting in code execution with the same permissions as the RPC host. The attacker needs to be in the same restricted Active Directory domain as the target system for exploitation to be successful.

Given the prevalence of Active Directory in enterprise environments, threat actors are likely to attempt to use this vulnerability to establish a foothold for lateral movement inside organizations, steal data and deploy malware. Note that Microsoft assesses exploitation to be “more likely”.

CVE-2026-33824: Windows Internet Key Exchange (IKE) Service Extensions

Remote Code Execution Vulnerability. This critical vulnerability can be exploited by an unauthenticated attacker by sending crafted packets to a target with IKE version 2 enabled. If immediate patching cannot be performed, mitigation exists in the form of firewall rules. Microsoft assesses exploitation to be “less likely”.
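
The following PowerShell is an added example, not part of the CCB advisory or Microsoft's guidance: it audits a host's IKE exposure and, with `-Apply`, adds a temporary inbound block rule. It assumes the standard IKE and NAT-T ports (UDP 500 and 4500, which the advisory does not list); the rule name and the `-Apply` switch are hypothetical.

```powershell
# Added example: audit IKE exposure and optionally apply a temporary block.
# Assumptions (not from the advisory): IKE/AuthIP uses UDP 500 and 4500 and is
# served by the IKEEXT service. Rule name and -Apply switch are hypothetical.
# Run from an elevated PowerShell session.
param([switch]$Apply)

$ikePorts = 500, 4500
$ruleName = 'TEMP - Block inbound IKE (CVE-2026-33824)'

# 1. Is the IKE keying service present, and is anything bound to the ports?
$svc       = Get-Service -Name IKEEXT -ErrorAction SilentlyContinue
$listeners = Get-NetUDPEndpoint -LocalPort $ikePorts -ErrorAction SilentlyContinue

# 2. Which enabled inbound allow rules admit UDP 500/4500 today?
#    (Port ranges such as "400-600" are not expanded here; review those by hand.)
$allowRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'UDP' -and (
            $pf.LocalPort -contains 'Any' -or
            ($pf.LocalPort | Where-Object { $_ -in '500', '4500' })
        )
    }

# 3. Report the exposure so the decision to block is an informed one.
[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    IkeService   = if ($svc) { $svc.Status } else { 'NotInstalled' }
    UdpListeners = @($listeners).Count
    AllowRules   = (@($allowRules).DisplayName -join '; ')
}

# 4. Block inbound IKE only when asked to. This breaks IKEv2/L2TP VPN and
#    IPsec tunnels terminating on this host, so hosts that need IKE should
#    instead have the allow rules listed above scoped to known peer addresses.
if ($Apply) {
    $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol UDP -LocalPort $ikePorts -Action Block -Profile Any |
            Out-Null
    }
    Write-Output "Block rule in place: $ruleName (remove after patching)"
}
```

Because Windows Firewall block rules override allow rules, remove the temporary rule with `Remove-NetFirewallRule -DisplayName` once the update is installed.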

CVE-2026-33827: Windows TCP/IP

Remote Code Execution Vulnerability. There is a race condition that allows a remote, unauthorized attacker to achieve code execution without user interaction. Successful exploitation of a machine requires the unauthenticated attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled. Microsoft assesses exploitation to be “less likely”.

CVE-2026-27913: Windows BitLocker

Security Feature Bypass Vulnerability. This vulnerability is rated as important. It lies in improper input validation in Windows BitLocker. Successful exploitation could allow an attacker to bypass Secure Boot, a UEFI firmware security feature used to ensure that only trusted and properly signed software runs during the startup process. Microsoft assesses exploitation to be “more likely”.

CVE-2026-26151: Windows Remote Desktop

Spoofing Vulnerability. There is insufficient UI warning of dangerous operations in Windows Remote Desktop that allows an unauthorized attacker to perform spoofing over a network. Successful exploitation requires the user to view attacker-controlled content. To achieve this, a remote attacker could send the targeted user a specially crafted file. Microsoft assesses exploitation to be “more likely”.

Starting with the April 2026 Security Update, users will receive a warning when attempting to open a Remote Desktop Protocol (RDP) file. More information about it can be found here: https://go.microsoft.com/fwlink/?linkid=2347342

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Hacker News - https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html
Tenable - https://www.tenable.com/blog/microsofts-april-2026-patch-tuesday-addresses-163-cves-cve-2026-32201
Zero Day Initiative - https://www.zerodayinitiative.com/blog/2026/4/14/the-april-2026-security-update-review