Microsoft April 2026 Security Updates

Security 10943 Published by

Microsoft's April 2026 Security Updates cover a massive list of vulnerabilities, yet the real priority involves fixing Remote Desktop and BitLocker flaws that could allow attackers to take control or bypass encryption. Several critical issues marked as exploitation more likely include holes in the Windows Boot Loader and kernel components that require immediate attention from anyone running sensitive workloads. History shows these kernel patches sometimes trigger glitches with Windows Hello or Explorer, making a system restore point essential before installation. Run the update manually through Settings and reboot immediately to ensure all security fixes load correctly without leaving the system vulnerable overnight.





April 2026 Security Updates Break Down Which Fixes Matter Most

Microsoft released the April 2026 Security Updates and there are some serious holes being plugged this month. You should prioritize installing these patches immediately if you use Remote Desktop or handle sensitive data on BitLocker drives. We break down which vulnerabilities actually require your attention versus the noise.

Critical Fixes in the April 2026 Security Updates

The patch notes highlight several flaws marked as exploitation more likely, which means attackers are actively hunting for them in the wild. Windows Boot Loader CVE-2026-0390 stands out because it allows local privilege escalation if an attacker already has access to the machine. Remote Desktop Protocol users need to pay close attention to CVE-2026-26151 since this flaw could allow unauthorized remote control without a password prompt. BitLocker encryption is also at risk with CVE-2026-27913, so anyone relying on drive protection should verify their recovery keys are backed up before applying the update.

Potential Breakage Points for Power Users

History shows that kernel patches can occasionally trip up hardware drivers or cause boot loops on older systems. It is common to see Windows Hello stop working temporarily after a security patch rolls out, requiring a restart to reinitialize the biometric service. Tech support logs often show that users who skip creating a restore point before installing these updates end up stuck in recovery mode if something goes wrong. The Windows Shell and Desktop Window Manager received multiple fixes this month, which might cause minor visual glitches or Explorer crashes for some configurations.

How to Install Without Losing Your Mind

Start by backing up important files and creating a system restore point through the Control Panel before touching anything in Settings. Navigate to Windows Update settings and check for updates manually rather than waiting for the automatic schedule to trigger. If the machine is part of a domain, group policy might delay these changes until IT approves them, so patience is required in enterprise environments. Once installed, reboot the system immediately to ensure all kernel-level fixes are loaded correctly into memory.

April 2026 Security Updates

This release consists of the following 165 Microsoft CVEs:

TagCVEBase Score
Windows Boot Loader CVE-2026-03906.7
Windows COM CVE-2026-208065.5
Windows Recovery Environment Agent CVE-2026-209284.6
Windows Management Services CVE-2026-209307.8
Microsoft Office SharePoint CVE-2026-209454.6
GitHub Copilot and Visual Studio Code CVE-2026-236535.7
Microsoft Office Word CVE-2026-236577.8
.NET Framework CVE-2026-236667.5
Windows Virtualization-Based Security (VBS) Enclave CVE-2026-236705.7
Applocker Filter Driver (applockerfltr.sys) CVE-2026-251847.0
Microsoft PowerShell CVE-2026-261437.8
Microsoft Power Apps CVE-2026-261499.0
Windows Remote Desktop CVE-2026-261517.1
Windows Cryptographic Services CVE-2026-261527.0
Windows Encrypting File System (EFS) CVE-2026-261537.8
Windows Server Update Service CVE-2026-261547.5
Windows Local Security Authority Subsystem Service (LSASS) CVE-2026-261556.5
Role: Windows Hyper-V CVE-2026-261567.8
Windows Remote Desktop Licensing Service CVE-2026-261597.8
Windows Remote Desktop Licensing Service CVE-2026-261607.8
Windows Sensor Data Service CVE-2026-261617.8
Windows OLE CVE-2026-261627.8
Windows Kernel CVE-2026-261637.8
Windows Shell CVE-2026-261657.0
Windows Shell CVE-2026-261667.0
Windows Push Notifications CVE-2026-261678.8
Windows Ancillary Function Driver for WinSock CVE-2026-261687.8
Windows Kernel Memory CVE-2026-261696.1
Microsoft PowerShell CVE-2026-261707.8
.NET CVE-2026-261717.5
Windows Push Notifications CVE-2026-261727.8
Windows Ancillary Function Driver for WinSock CVE-2026-261737.0
Windows Server Update Service CVE-2026-261747.0
Windows Boot Manager CVE-2026-261754.6
Windows Client Side Caching driver (csc.sys) CVE-2026-261767.8
Windows Ancillary Function Driver for WinSock CVE-2026-261777.0
Windows Advanced Rasterization Platform CVE-2026-261788.8
Windows Kernel CVE-2026-261797.8
Windows Kernel CVE-2026-261807.8
Microsoft Brokering File System CVE-2026-261817.8
Windows Ancillary Function Driver for WinSock CVE-2026-261827.0
Windows RPC API CVE-2026-261837.8
Windows Projected File System CVE-2026-261847.8
Windows Hello CVE-2026-279064.4
Windows Storage Spaces Controller CVE-2026-279077.8
Windows TDI Translation Driver (tdx.sys) CVE-2026-279087.0
Microsoft Windows Search Component CVE-2026-279097.8
Windows Installer CVE-2026-279107.8
Windows User Interface Core CVE-2026-279117.8
Windows Kerberos CVE-2026-279128.0
Windows BitLocker CVE-2026-279137.7
Microsoft Management Console CVE-2026-279147.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-279157.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-279167.8
Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) CVE-2026-279177.0
Windows Shell CVE-2026-279187.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-279197.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-279207.8
Windows TCP/IP CVE-2026-279217.0
Windows Ancillary Function Driver for WinSock CVE-2026-279227.0
Desktop Window Manager CVE-2026-279237.8
Desktop Window Manager CVE-2026-279247.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-279256.5
Windows Cloud Files Mini Filter Driver CVE-2026-279267.0
Windows Projected File System CVE-2026-279277.8
Windows Hello CVE-2026-279288.7
Windows LUAFV CVE-2026-279297.0
Windows GDI CVE-2026-279305.5
Windows GDI CVE-2026-279315.5
Windows SSDP Service CVE-2026-320687.0
Windows Projected File System CVE-2026-320697.8
Windows Common Log File System Driver CVE-2026-320707.0
Windows Local Security Authority Subsystem Service (LSASS) CVE-2026-320717.5
Windows Active Directory CVE-2026-320726.2
Windows Ancillary Function Driver for WinSock CVE-2026-320737.0
Windows Projected File System CVE-2026-320747.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-320757.0
Windows Storage Spaces Controller CVE-2026-320767.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-320777.8
Windows Projected File System CVE-2026-320787.8
Windows File Explorer CVE-2026-320795.5
Windows WalletService CVE-2026-320807.0
Windows File Explorer CVE-2026-320815.5
Windows SSDP Service CVE-2026-320827.0
Windows SSDP Service CVE-2026-320837.0
Windows File Explorer CVE-2026-320845.5
Windows Remote Procedure Call CVE-2026-320855.5
Function Discovery Service (fdwsd.dll) CVE-2026-320867.0
Function Discovery Service (fdwsd.dll) CVE-2026-320877.0
Windows Biometric Service CVE-2026-320886.1
Windows Speech Brokered Api CVE-2026-320897.8
Windows Speech Brokered Api CVE-2026-320907.8
Microsoft Brokering File System CVE-2026-320918.4
Function Discovery Service (fdwsd.dll) CVE-2026-320937.0
Role: Windows Hyper-V CVE-2026-321497.3
Function Discovery Service (fdwsd.dll) CVE-2026-321507.0
Windows Shell CVE-2026-321516.5
Desktop Window Manager CVE-2026-321527.8
Microsoft Windows Speech CVE-2026-321537.8
Desktop Window Manager CVE-2026-321547.8
Desktop Window Manager CVE-2026-321557.8
Windows Universal Plug and Play (UPnP) Device Host CVE-2026-321567.4
Remote Desktop Client CVE-2026-321578.8
Windows Push Notifications CVE-2026-321587.8
Windows Push Notifications CVE-2026-321597.8
Windows Push Notifications CVE-2026-321607.8
Windows COM CVE-2026-321628.4
Windows User Interface Core CVE-2026-321637.8
Windows User Interface Core CVE-2026-321647.8
Windows User Interface Core CVE-2026-321657.8
SQL Server CVE-2026-321676.7
Azure Monitor Agent CVE-2026-321687.8
Azure Logic Apps CVE-2026-321718.8
SQL Server CVE-2026-321766.7
.NET CVE-2026-321787.5
Microsoft Windows CVE-2026-321815.5
Windows Snipping Tool CVE-2026-321837.8
Microsoft High Performance Compute Pack (HPC) CVE-2026-321847.8
Microsoft Office Excel CVE-2026-321887.1
Microsoft Office Excel CVE-2026-321897.8
Microsoft Office CVE-2026-321908.4
Azure Monitor Agent CVE-2026-321927.8
Windows Kernel CVE-2026-321957.0
Windows Admin Center CVE-2026-321966.1
Microsoft Office Excel CVE-2026-321977.8
Microsoft Office Excel CVE-2026-321987.8
Microsoft Office Excel CVE-2026-321997.8
Microsoft Office PowerPoint CVE-2026-322007.8
Microsoft Office SharePoint CVE-2026-322016.5
Windows Shell CVE-2026-322024.3
.NET and Visual Studio CVE-2026-322037.5
Universal Plug and Play (upnp.dll) CVE-2026-322125.5
Universal Plug and Play (upnp.dll) CVE-2026-322145.5
Windows Kernel CVE-2026-322155.5
Windows Redirected Drive Buffering CVE-2026-322165.5
Windows Kernel CVE-2026-322175.5
Windows Kernel CVE-2026-322185.5
Microsoft Brokering File System CVE-2026-322197.0
Windows Virtualization-Based Security (VBS) Enclave CVE-2026-322204.4
Microsoft Graphics Component CVE-2026-322218.4
Windows Win32K - ICOMP CVE-2026-322227.8
Windows USB Print Driver CVE-2026-322236.8
Windows Server Update Service CVE-2026-322247.0
Windows Shell CVE-2026-322258.8
.NET Framework CVE-2026-322265.9
Microsoft Office Word CVE-2026-330957.8
Windows HTTP.sys CVE-2026-330967.5
Windows Container Isolation FS Filter Driver CVE-2026-330987.8
Windows Ancillary Function Driver for WinSock CVE-2026-330997.0
Windows Ancillary Function Driver for WinSock CVE-2026-331007.0
Windows Print Spooler Components CVE-2026-331017.8
Microsoft Dynamics 365 (on-premises) CVE-2026-331035.5
Windows Win32K - GRFX CVE-2026-331047.0
Microsoft Office Word CVE-2026-331148.4
Microsoft Office Word CVE-2026-331158.4
.NET, .NET Framework, Visual Studio CVE-2026-331167.5
Microsoft Edge (Chromium-based) CVE-2026-331184.3
Microsoft Edge (Chromium-based) CVE-2026-331195.4
SQL Server CVE-2026-331208.8
Microsoft Office Word CVE-2026-338226.1
Windows IKE Extension CVE-2026-338249.8
Microsoft Defender CVE-2026-338257.8
Windows Active Directory CVE-2026-338268.0
Windows TCP/IP CVE-2026-338278.1
Windows Snipping Tool CVE-2026-338294.3

Win10

Security Update Guide - Microsoft Security Response Center

Stay safe out there and keep those backups fresh.

XanMod Kernel 7.0 released

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...