Microsoft patched 167 vulnerabilities across Windows and related products in April 2026 Patch Tuesday updates. The batch includes a SharePoint Server zero-day and "BlueHammer," a publicly disclosed Windows Defender weakness. Both flaws expose systems to remote attack vectors requiring immediate patching.
Google Chrome addressed its fourth zero-day of 2026, continuing a pattern of critical browser vulnerabilities discovered this year. Adobe released emergency updates for Reader to close an actively exploited remote code execution flaw already weaponized in the wild.
Defenders should prioritize the SharePoint Server zero-day and Adobe Reader exploit first, given public disclosure and active exploitation respectively. Windows Defender users must patch BlueHammer to prevent endpoint bypass. Organizations running Chrome should deploy updates before employees resume normal browsing activities. All three vendors released patches the same day. Network teams should verify deployment across their environments within 48 hours.