Microsoft April 2026 Patch Tuesday — 168 Vulnerabilities Fixed Including SharePoint Zero-Day

Microsoft’s April 2026 Patch Tuesday is the largest security update of the year so far, addressing 168 vulnerabilities across Windows, Office, SharePoint, Azure, and .NET. Three of the vulnerabilities are actively exploited zero-days, including a critical SharePoint remote code execution flaw.

Critical Zero-Days Being Exploited

CVE-2026-24983 — SharePoint Server RCE (CVSS 9.8)

The most severe vulnerability this month. An unauthenticated attacker can execute arbitrary code on SharePoint Server 2016, 2019, and Subscription Edition by sending a specially crafted HTTP request. Microsoft confirms active exploitation in the wild.

Affected: SharePoint Server 2016, 2019, Subscription Edition
Fix: Apply KB5002697 immediately

CVE-2026-29336 — Windows CLFS Privilege Escalation (CVSS 7.8)

A local privilege escalation in the Windows Common Log File System driver. Exploited by ransomware groups to gain SYSTEM privileges after initial access.

CVE-2026-30030 — Windows Hyper-V Guest Escape (CVSS 8.1)

Allows a VM guest to escape to the hypervisor host. Affects Hyper-V on Windows Server 2019, 2022, and 2025.

Vulnerability Breakdown by Severity

  • Critical: 22 vulnerabilities
  • Important: 132 vulnerabilities
  • Moderate: 14 vulnerabilities
  • Total: 168 vulnerabilities

How to Apply Updates

# Windows Update (GUI)
# Settings > Windows Update > Check for updates

# Windows Update via PowerShell (run in an elevated session)
Install-Module PSWindowsUpdate -Force
Import-Module PSWindowsUpdate
Get-WindowsUpdate -Install -AcceptAll -AutoReboot

# WSUS / SCCM environments — push KB5002697 as priority
# SharePoint specifically:
# Download KB5002697 from Microsoft Update Catalog
# Run SharePoint PSConfig wizard after installation

Priority Patching Order

  1. SharePoint Server (CVE-2026-24983) — patch within 24 hours
  2. All Windows servers with Hyper-V enabled
  3. All Windows endpoints (CLFS privilege escalation)
  4. Exchange Server, Office, .NET runtime
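To place a given machine in this order, the following added example (not part of the original article) reports which tiers apply to the local host. Detecting roles by the service names SPTimerV4, vmms and MSExchangeServiceHost is a heuristic assumed here, and the function name Get-PatchTier is hypothetical.

```powershell
# Added example, not from the article: report which of the article's patching
# tiers apply to the local Windows host. Role detection by service name is a
# heuristic assumed here; confirm against your own inventory.
function Get-PatchTier {
    [CmdletBinding()]
    param()

    # $true when a service with this name is registered on the host.
    function Test-ServicePresent([string]$Name) {
        [bool](Get-Service -Name $Name -ErrorAction SilentlyContinue)
    }

    # ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer = $os.ProductType -ne 1

    $rows = @()
    if (Test-ServicePresent 'SPTimerV4') {               # SharePoint Timer Service
        $rows += [pscustomobject]@{ Tier = 1; Why = 'SharePoint Server (CVE-2026-24983)'; Target = 'within 24 hours' }
    }
    if ($isServer -and (Test-ServicePresent 'vmms')) {   # Hyper-V Virtual Machine Management
        $rows += [pscustomobject]@{ Tier = 2; Why = 'Windows server with Hyper-V (CVE-2026-30030)'; Target = 'after tier 1' }
    }
    if (-not $isServer) {
        $rows += [pscustomobject]@{ Tier = 3; Why = 'Windows endpoint (CLFS, CVE-2026-29336)'; Target = 'after tier 2' }
    }
    if (Test-ServicePresent 'MSExchangeServiceHost') {   # Exchange Service Host
        $rows += [pscustomobject]@{ Tier = 4; Why = 'Exchange Server'; Target = 'after tier 3' }
    }
    if (-not $rows) {
        # A server with none of these roles is not named in the article's list.
        $rows += [pscustomobject]@{ Tier = $null; Why = 'No listed role detected'; Target = 'regular cycle (assumption)' }
    }

    # Win32_QuickFixEngineering (Get-HotFix) covers OS servicing updates only,
    # so this date says nothing about a SharePoint KB such as KB5002697.
    $lastOs = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

    $rows | Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } }, Tier, Why, Target,
        @{ n = 'LastOsUpdate'; e = { $lastOs.InstalledOn } }
}

Get-PatchTier | Format-Table -AutoSize
```

A host can appear in more than one tier (for example a Hyper-V server that also runs SharePoint); schedule it by its lowest tier number.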

The SudoFlare Takeaway

168 patches in a single month signals an increasingly complex attack surface. The SharePoint zero-day is particularly dangerous for enterprise environments — many organizations expose SharePoint directly to the internet. If you cannot patch immediately, restrict SharePoint access at the network perimeter and enable Web Application Firewall rules for SharePoint-specific attack patterns.


2 Comments

  1. Hello,

    My TikTok account (@m.riaz.80) has been hacked.

    An unknown person accessed my account through a WhatsApp scam call and logged in from another device (TECNO SPARK 40 Pro). After that, the hacker changed my email and phone number and enabled 2-step verification, so now I cannot log in.

    I have proof including:

    – TikTok security emails
    – Screenshots of unauthorized login
    – WhatsApp call evidence

    TikTok support is not responding properly.

    Please guide me:
    How can I recover my TikTok account?
    And what further steps should I take to secure it?

    Thank you.

    1. Hi Fateh, since TikTok support isn’t responding, here’s how to escalate:

      1. Try TikTok’s in-app recovery first — on the login screen tap “Use phone/email/username” → “Forgot password” → try recovering via your original phone number or email (before it was changed by the hacker).

      2. Submit a formal hacked account report — go to https://support.tiktok.com, select “Hacked Account” and upload all your proof: security emails, screenshots of the unauthorized login, and WhatsApp call evidence. The more evidence you provide, the faster they act.

      3. Escalate on social media — post publicly tagging @TikTokSupport on X (Twitter) describing your situation. Companies respond much faster to public posts than private tickets.

      4. Report the device — file a cybercrime report in your country mentioning the unauthorized device (TECNO SPARK 40 Pro). This creates an official record which strengthens your appeal to TikTok.

      5. Secure everything connected — immediately change passwords for any accounts linked to your old TikTok email, as the hacker may try to access those too.

      Recovery typically takes 3–7 days once they review your evidence. Stay persistent and keep resubmitting if needed. Good luck, Fateh!
