Fortra's April 2026 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve over 65 vulnerabilities including issues like buffer overflow, integer overflow, inappropriate implementation, and insufficient data validation.
Next on the list are patches for Microsoft Office, Excel, Word, and PowerPoint. These patches resolve 12 issues including remote code execution and information disclosure vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 120 vulnerabilities, including elevation of privilege, information disclosure, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, Graphics, Function Discovery Service, Brokering File System, LSASS, UPnP, Push, BitLocker, and various others.
Next are patches that address GitHub Copilot, Visual Studio Code, and .NET, including denial of service, spoofing, and information disclosure vulnerabilities.
Lastly, administrators should focus on server-side patches for Hyper-V, SharePoint, Remote Desktop Licensing Service, WSUS, Windows Admin Center, Dynamics, and SQL Server . These patches resolve 15 issues including remote code execution, tampering, information disclosure, elevation of privilege, and spoofing vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) I | CVE-2026-5272, CVE-2026-5273, CVE-2026-5274, CVE-2026-5275, CVE-2026-5276, CVE-2026-5277, CVE-2026-5279, CVE-2026-5280, CVE-2026-5281, CVE-2026-5283, CVE-2026-5284, CVE-2026-5285, CVE-2026-5286, CVE-2026-5287, CVE-2026-5289, CVE-2026-5290, CVE-2026-5291, CVE-2026-5292, CVE-2026-5858, CVE-2026-5859, CVE-2026-5860, CVE-2026-5861, CVE-2026-5863, CVE-2026-5864, CVE-2026-5865, CVE-2026-5866, CVE-2026-5867, CVE-2026-5868, CVE-2026-5869, CVE-2026-5870, CVE-2026-5871, CVE-2026-5872, CVE-2026-5873, CVE-2026-5874, CVE-2026-5875, CVE-2026-5876, CVE-2026-5877 |
| Microsoft Edge (Chromium-based) II | CVE-2026-5878, CVE-2026-5879, CVE-2026-5880, CVE-2026-5881, CVE-2026-5882, CVE-2026-5883, CVE-2026-5884, CVE-2026-5885, CVE-2026-5886, CVE-2026-5887, CVE-2026-5888, CVE-2026-5889, CVE-2026-5890, CVE-2026-5891, CVE-2026-5892, CVE-2026-5893, CVE-2026-5894, CVE-2026-5895, CVE-2026-5896, CVE-2026-5897, CVE-2026-5898, CVE-2026-5899, CVE-2026-5900, CVE-2026-5901, CVE-2026-5902, CVE-2026-5903, CVE-2026-5904, CVE-2026-5905, CVE-2026-5906, CVE-2026-5907, CVE-2026-5908, CVE-2026-5909, CVE-2026-5910, CVE-2026-5911, CVE-2026-5912, CVE-2026-5913, CVE-2026-5914, CVE-2026-5915, CVE-2026-5918, CVE-2026-5919, CVE-2026-33118,CVE-2026-33119 |
| Microsoft Office | CVE-2026-32190 |
| Microsoft Office Excel | CVE-2026-32188, CVE-2026-32189, CVE-2026-32199, CVE-2026-32198, CVE-2026-32197 |
| Microsoft Office Word | CVE-2026-33822, CVE-2026-33114, CVE-2026-33115, CVE-2026-23657, CVE-2026-33095 |
| Microsoft Office PowerPoint | CVE-2026-32200 |
| Windows I | CVE-2026-32081, CVE-2026-32079, CVE-2026-32084, CVE-2026-27917, CVE-2026-26149, CVE-2026-26183, CVE-2026-32219, CVE-2026-26181, CVE-2026-32091, CVE-2026-27910, CVE-2026-25250, CVE-2026-32150, CVE-2026-32093, CVE-2026-32087, CVE-2026-32086, CVE-2026-32223, CVE-2026-32221, CVE-2026-33098, CVE-2026-26155, CVE-2026-32071, CVE-2026-32214, CVE-2026-32212, CVE-2026-32069, CVE-2026-26184, CVE-2026-27927, CVE-2026-32078, CVE-2026-32074, CVE-2026-27909, CVE-2026-32072, CVE-2026-33826, CVE-2026-26143, CVE-2026-26170, CVE-2026-33825, CVE-2026-33827, CVE-2026-27921, CVE-2026-20930, CVE-2026-33096, CVE-2026-32157, CVE-2026-32162, CVE-2026-20806, CVE-2026-33824, CVE-2026-32080, CVE-2026-26152, CVE-2026-32068, CVE-2026-32083, CVE-2026-32082, CVE-2026-0390, CVE-2026-27914, CVE-2026-32216, CVE-2026-26175, CVE-2026-27924, CVE-2026-27923, CVE-2026-32155, CVE-2026-32154, CVE-2026-32152, CVE-2026-33101, CVE-2026-26178 |
| Windows II | CVE-2026-32195, CVE-2026-26180, CVE-2026-26179, CVE-2026-26163, CVE-2026-32218, CVE-2026-32217, CVE-2026-32215, CVE-2026-27912, CVE-2026-26169, CVE-2023-20585, CVE-2026-27919, CVE-2026-27915, CVE-2026-27916, CVE-2026-27920, CVE-2026-32077, CVE-2026-32075, CVE-2026-27925, CVE-2026-32156, CVE-2026-32181, CVE-2026-26161, CVE-2026-25184, CVE-2026-27911, CVE-2026-32163, CVE-2026-32164, CVE-2026-32165, CVE-2026-27926, CVE-2026-27931, CVE-2026-27930, CVE-2026-33104, CVE-2026-32159, CVE-2026-32158, CVE-2026-26172, CVE-2026-32160, CVE-2026-26167, CVE-2026-32090, CVE-2026-32089, CVE-2026-26151, CVE-2026-32222, CVE-2026-27929, CVE-2026-32085, CVE-2026-27908, CVE-2026-32153, CVE-2026-26153, CVE-2026-27913, CVE-2026-20928, CVE-2026-27928, CVE-2026-27906, CVE-2026-32070, CVE-2026-27907, CVE-2026-32076 |
| GitHub Copilot and Visual Studio Code | CVE-2026-23653 |
| .NET, .NET Framework, Visual Studio | CVE-2026-33116, CVE-2026-26171, CVE-2026-32178, CVE-2026-23666, CVE-2026-32226, CVE-2026-32203 |
| Microsoft Office SharePoint | CVE-2026-32201, CVE-2026-20945 |
| Windows Hyper-V | CVE-2026-32149, CVE-2026-26156 |
| Windows Remote Desktop Licensing Service | CVE-2026-26160, CVE-2026-26159 |
| Windows Server Update Service | CVE-2026-26174, CVE-2026-32224, CVE-2026-26154 |
| Windows Admin Center | CVE-2026-32196 |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-33103 |
| SQL Server | CVE-2026-33120, CVE-2026-32167, CVE-2026-32176 |
Cybercrime Intelligence Shouldn't Be Siloed
Fortra® experts are dedicated to protecting organizations and the public by delivering the latest insights, data, and defenses to strengthen security against emerging cyber threats.
