Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
This Patch Tuesday also addresses eight “Critical” vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.
The number of bugs in each vulnerability category is listed below:
- 93 Elevation of Privilege Vulnerabilities
- 13 Security Feature Bypass Vulnerabilities
- 20 Remote Code Execution Vulnerabilities
- 21 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 9 Spoofing Vulnerabilities
When GeekFeed reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the number of flaws does not include Mariner, Azure, and Bing flaws that were fixed by Microsoft earlier this month. There were also 80 Microsoft Edge/Chromium flaws that were fixed by Google.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5083769 & KB5082052 cumulative updates and the Windows 10 KB5082200 extended security update.
2 zero-days and Microsoft Office flaws
This month’s Patch Tuesday fixes two zero-day vulnerabilities, with one publicly disclosed and the other actively exploited in attacks.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day flaw is:
CVE-2026-32201 – Microsoft SharePoint Server Spoofing Vulnerability
Microsoft has patched a Microsoft SharePoint Server Spoofing Vulnerability that was exploited in attacks.
“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” explains Microsoft.
“An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability),” continued Microsoft.
Microsoft has not disclosed how this vulnerability was exploited in attacks or who disclosed it.
The publicly disclosed zero-day is:
CVE-2026-33825 – Microsoft Defender Elevation of Privilege Vulnerability
Microsoft has patched a Microsoft Defender privilege elevation flaw that gives SYSTEM privileges.
The company has addressed the flaw in the Microsoft Defender Antimalware Platform update version 4.18.26030.3011, which will automatically be downloaded to systems.
Windows users can manually install it by going to Windows Security > Virus & threat protection > Protection Updates, then clicking Check for updates.
Microsoft has credited Zen Dodd and Yuanpei XU (HUST) with Diffract with discovering this flaw.
Microsoft has also fixed multiple remote code execution bugs in Microsoft Office (Word and Excel) that can be executed via the preview pane or by opening malicious documents.
Therefore, users should prioritize updating Microsoft Office as soon as possible, especially if they commonly receive attachments.
The April 2026 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the April 2026 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2026-26171 | .NET Denial of Service Vulnerability | Important |
| .NET | CVE-2026-32178 | .NET Spoofing Vulnerability | Important |
| .NET and Visual Studio | CVE-2026-32203 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2026-23666 | .NET Framework Denial of Service Vulnerability | Critical |
| .NET Framework | CVE-2026-32226 | .NET Framework Denial of Service Vulnerability | Important |
| .NET, .NET Framework, Visual Studio | CVE-2026-33116 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
| Applocker Filter Driver (applockerfltr.sys) | CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability | Important |
| Azure Logic Apps | CVE-2026-32171 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32168 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-32152 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Desktop Window Manager | CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Function Discovery Service (fdwsd.dll) | CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| GitHub Copilot and Visual Studio Code | CVE-2026-23653 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability | Important |
| GitHub Repo: Git for Windows | CVE-2026-32631 | GitHub: CVE-2026-32631 ‘git clone’ from manipulated repositories can leak NTLM hashes | Important |
| Input-Output Memory Management Unit (IOMMU) | CVE-2023-20585 | AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-32219 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-26181 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Defender | CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-33103 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-32221 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft High Performance Compute Pack (HPC) | CVE-2026-32184 | Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability | Important |
| Microsoft Management Console | CVE-2026-27914 | Microsoft Management Console Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-32190 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2026-32199 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-32198 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-32197 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-32188 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-32189 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2026-32200 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-20945 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2026-23657 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2026-33115 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-33114 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-33095 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2026-33822 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Power Apps | CVE-2026-26149 | Microsoft Power Apps Security Feature Bypass | Important |
| Microsoft PowerShell | CVE-2026-26143 | Microsoft PowerShell Security Feature Bypass Vulnerability | Important |
| Microsoft PowerShell | CVE-2026-26170 | PowerShell Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2026-32181 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows Search Component | CVE-2026-27909 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Speech | CVE-2026-32153 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Node.js | CVE-2026-21637 | HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers | Moderate |
| Remote Desktop Client | CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2026-32149 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2026-26156 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2026-33120 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2026-32176 | SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-32167 | SQL Server Elevation of Privilege Vulnerability | Important |
| Universal Plug and Play (upnp.dll) | CVE-2026-32212 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Important |
| Universal Plug and Play (upnp.dll) | CVE-2026-32214 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Important |
| Windows Active Directory | CVE-2026-32072 | Active Directory Spoofing Vulnerability | Important |
| Windows Active Directory | CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability | Critical |
| Windows Admin Center | CVE-2026-32196 | Windows Admin Center Spoofing Vulnerability | Important |
| Windows Advanced Rasterization Platform | CVE-2026-26178 | Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-27922 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-26177 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-32073 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-26168 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-26182 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-26173 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-33100 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-33099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Biometric Service | CVE-2026-32088 | Windows Biometric Service Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2026-27913 | Windows BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Boot Loader | CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2026-26175 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Client Side Caching driver (csc.sys) | CVE-2026-26176 | Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-27926 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2026-32162 | Windows COM Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2026-32070 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Container Isolation FS Filter Driver | CVE-2026-33098 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2026-26152 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important |
| Windows Encrypting File System (EFS) | CVE-2026-26153 | Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability | Important |
| Windows File Explorer | CVE-2026-32084 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows File Explorer | CVE-2026-32079 | Web Account Manager Information Disclosure Vulnerability | Important |
| Windows File Explorer | CVE-2026-32081 | Package Catalog Information Disclosure Vulnerability | Important |
| Windows GDI | CVE-2026-27931 | Windows GDI Information Disclosure Vulnerability | Important |
| Windows GDI | CVE-2026-27930 | Windows GDI Information Disclosure Vulnerability | Important |
| Windows Hello | CVE-2026-27928 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows Hello | CVE-2026-27906 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows HTTP.sys | CVE-2026-33096 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Critical |
| Windows Installer | CVE-2026-27910 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2026-27912 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-32215 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2026-32218 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2026-26179 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-32217 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2026-26163 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-32195 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-26180 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel Memory | CVE-2026-26169 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2026-26155 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows LUAFV | CVE-2026-27929 | Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Management Services | CVE-2026-20930 | Windows Management Services Elevation of Privilege Vulnerability | Important |
| Windows OLE | CVE-2026-26162 | Windows OLE Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2026-33101 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-26184 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-32078 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-32074 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-32069 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-27927 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2026-32159 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2026-32160 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2026-26167 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2026-26172 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2026-32158 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows Recovery Environment Agent | CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability | Important |
| Windows Redirected Drive Buffering | CVE-2026-32216 | Windows Redirected Drive Buffering System Denial of Service Vulnerability | Important |
| Windows Remote Desktop | CVE-2026-26151 | Remote Desktop Spoofing Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2026-26159 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2026-26160 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Important |
| Windows Remote Procedure Call | CVE-2026-32085 | Remote Procedure Call Information Disclosure Vulnerability | Important |
| Windows RPC API | CVE-2026-26183 | Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2026-25250 | MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix | Important |
| Windows Sensor Data Service | CVE-2026-26161 | Windows Sensor Data Service Elevation of Privilege Vulnerability | Important |
| Windows Server Update Service | CVE-2026-32224 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important |
| Windows Server Update Service | CVE-2026-26174 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important |
| Windows Server Update Service | CVE-2026-26154 | Windows Server Update Service (WSUS) Tampering Vulnerability | Important |
| Windows Shell | CVE-2026-27918 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2026-26165 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2026-26166 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability | Important |
| Windows Shell | CVE-2026-32151 | Windows Shell Information Disclosure Vulnerability | Important |
| Windows Shell | CVE-2026-32202 | Windows Shell Spoofing Vulnerability | Important |
| Windows Snipping Tool | CVE-2026-32183 | Windows Snipping Tool Remote Code Execution Vulnerability | Important |
| Windows Snipping Tool | CVE-2026-33829 | Windows Snipping Tool Spoofing Vulnerability | Moderate |
| Windows Speech Brokered Api | CVE-2026-32089 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Important |
| Windows Speech Brokered Api | CVE-2026-32090 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2026-32083 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2026-32082 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2026-32068 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2026-32076 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2026-27907 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-27921 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-33827 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows TDI Translation Driver (tdx.sys) | CVE-2026-27908 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-27916 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-32156 | Windows UPnP Device Host Remote Code Execution Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-32077 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-27915 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-27919 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-27925 | Windows UPnP Device Host Information Disclosure Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-32075 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2026-27920 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows USB Print Driver | CVE-2026-32223 | Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability | Important |
| Windows User Interface Core | CVE-2026-32165 | Windows User Interface Core Elevation of Privilege Vulnerability | Important |
| Windows User Interface Core | CVE-2026-32164 | Windows User Interface Core Elevation of Privilege Vulnerability | Important |
| Windows User Interface Core | CVE-2026-27911 | Windows User Interface Core Elevation of Privilege Vulnerability | Important |
| Windows User Interface Core | CVE-2026-32163 | Windows User Interface Core Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2026-23670 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2026-32220 | UEFI Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows WalletService | CVE-2026-32080 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) | CVE-2026-27917 | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-33104 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2026-32222 | Windows Win32k Elevation of Privilege Vulnerability | Important |
