Threat Advisory

Microsoft SharePoint, Windows TCP/IP RCE, Windows IKE Service Extensions RCE Vulnerability

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Microsoft SharePoint Server and Windows products, including versions affected by the actively exploited SharePoint zero-day. The vulnerabilities include a critical spoofing flaw in SharePoint Server and remote code execution vulnerabilities in Windows TCP/IP and Internet Key Exchange (IKE) service extensions. These vulnerabilities pose a significant business risk, as they could allow attackers to view or modify sensitive information, execute code without user interaction, or compromise system availability. If exploited, these vulnerabilities could lead to unauthorized access, data breaches, and system compromise, resulting in financial losses, reputational damage, and potential regulatory penalties.


CVE-2026-32201 with a CVSS score of 6.5 – This vulnerability is a spoofing issue in Microsoft SharePoint Server that could allow attackers to view or modify exposed information. Attackers can exploit it by sending malicious requests to the affected server; the prerequisite is a vulnerable SharePoint Server installation with internet-facing exposure. Exploitation puts the confidentiality and integrity of sensitive information at risk.

CVE-2026-33827 with a CVSS score of 8.1 – This flaw enables remote, unauthenticated attackers to execute code without user interaction, making it potentially wormable on systems with IPv6 and IPSec enabled. The flaw is exploitable through a race condition. The prerequisite is a vulnerable Windows system with IPv6 and IPSec enabled.

CVE-2026-33824 with a CVSS score of 9.8 – This critical flaw in Windows IKE service extensions could allow remote attackers to execute code on affected systems. Systems with IKE enabled are at risk, although blocking UDP ports 500 and 4500 can reduce exposure from external threats. The prerequisite is a vulnerable Windows system with IKE enabled; internal attackers could exploit such a system for lateral movement.

Organizations should prioritize testing and applying patches quickly to reduce exposure and prevent potential compromise from actively targeted flaws. The actively exploited SharePoint zero-day and remote code execution vulnerabilities in Windows TCP/IP and IKE service extensions pose a significant risk to system availability and data integrity. If left unpatched, these vulnerabilities could lead to unauthorized access, data breaches, and system compromise, resulting in financial losses and reputational damage.
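
To check the prerequisites described above on a given host while patches are being tested, the following PowerShell audit is an added example, not part of the original advisory or of Microsoft's guidance. It assumes the NetSecurity and NetTCPIP modules that ship with Windows, treats enabled IPsec rules as the indicator for "IPSec enabled", uses a placeholder firewall rule name, and does not check patch level.

```powershell
# Added example: read-only audit of the prerequisites this advisory names.
# Pass -BlockIke to add the inbound block rule (hypothetical rule name).
[CmdletBinding(SupportsShouldProcess)]
param([switch]$BlockIke)

$ikePorts = 500, 4500   # UDP ports the advisory names for IKE

# IKEEXT is the "IKE and AuthIP IPsec Keying Modules" service.
$svc = Get-Service -Name IKEEXT -ErrorAction SilentlyContinue
$ikeRunning = [bool]($svc -and $svc.Status -eq 'Running')

# UDP endpoints bound to the IKE ports on this host.
$listeners = @(Get-NetUDPEndpoint -LocalPort $ikePorts -ErrorAction SilentlyContinue)

# Adapters with the IPv6 binding enabled.
$ipv6 = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue |
    Where-Object Enabled)

# Assumption: enabled IPsec rules in the active store stand in for "IPSec enabled".
$ipsec = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' })

# Enabled inbound block rules that name UDP 500 or 4500 explicitly
# (rules written as port ranges or "Any" are not matched here).
$blocks = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'UDP' -and ($_.LocalPort | Where-Object { $_ -in '500', '4500' }) })

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    IkeServiceRunning   = $ikeRunning                      # CVE-2026-33824 prerequisite
    IkeUdpListeners     = ($listeners.LocalPort | Sort-Object -Unique) -join ','
    IPv6Adapters        = $ipv6.Count
    EnabledIPsecRules   = $ipsec.Count
    IPv6AndIPsecEnabled = ($ipv6.Count -gt 0 -and $ipsec.Count -gt 0)   # CVE-2026-33827 prerequisite
    InboundIkeBlockRule = ($blocks.Count -gt 0)
}

# Blocking IKE on a host that terminates IPsec/VPN tunnels stops key negotiation,
# so apply this only where IKE is not needed.
if ($BlockIke -and $PSCmdlet.ShouldProcess('UDP 500/4500 inbound', 'Add firewall block rule')) {
    New-NetFirewallRule -DisplayName 'Block inbound IKE (UDP 500,4500)' -Direction Inbound `
        -Protocol UDP -LocalPort $ikePorts -Action Block | Out-Null
}
```

Run it from an elevated session; without `-BlockIke` it changes nothing, and `-WhatIf` previews the rule before it is created.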

RECOMMENDATION:

We recommend referring to the links below:

CVE-2026-32201: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

CVE-2026-33824: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824

CVE-2026-33827: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827

REFERENCES:

The following reports contain further technical details:
https://securityaffairs.com/190831/security/microsoft-patch-tuesday-for-april-2026-fixed-actively-exploited-sharepoint-zero-day.html
