
News brief: Microsoft security vulnerabilities revealed

Check out the latest security news from TechTarget SearchSecurity's sister sites, Cybersecurity Dive and Dark Reading.

With its dominant position in enterprise IT, Microsoft and its many products understandably provide an inviting target for threat actors. News this week showed just how enticing that target remains.

Vulnerabilities in Microsoft products took center stage. The security flaws disclosed were of the classic variety -- enabling privilege escalation -- as well as the more modern -- AI prompt injection. The 165 flaws included in Microsoft's April Patch report were reportedly the most since 175 vulnerabilities filled the October 2025 report.

Patches were for browsers, security key protocols, malware defenses and other technologies, but SharePoint featured prominently. One of Microsoft's most enduring products, SharePoint turned 25 this year. The enterprise content management and collaboration tool is widely used, and consequently is targeted by threat actors.

Weeks like this come along to remind security teams that patch management is an ever-present and never-finished duty.

Zero days among the many vulnerabilities Microsoft discloses

Microsoft this week released patches for 165 vulnerabilities, two of which were zero-day flaws. One actively exploited zero-day, CVE-2026-33825, affects Microsoft Defender and could grant attackers system-level privileges. Elevation-of-privilege bugs dominated the update, comprising 57% of the patches, followed by remote code execution (RCE) and information disclosure flaws.

Eight vulnerabilities were deemed critical, including CVE-2026-33824, an RCE flaw in Windows Internet Key Exchange Service Extensions. Additionally, nearly 80 Edge and Chromium patches were included, emphasizing the importance of swift browser updates.

Read the full story by Jai Vijayan on Dark Reading.

Spoofing flaw found in SharePoint

Researchers have identified active exploitation of CVE-2026-32201, a medium-severity spoofing vulnerability in SharePoint caused by improper input validation. With a CVSS score of 6.5, the flaw enables unauthorized attackers to view and modify sensitive information.

Defused, a threat intelligence firm, reported coordinated reconnaissance campaigns targeting SharePoint across four IPs between April 1 and April 11. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft issued mitigation guidance that also addressed a separate cross-site scripting vulnerability, CVE-2026-20945, which remains unexploited.

This disclosure follows the recent addition of CVE-2026-20963, a critical deserialization vulnerability with a severity score of 9.8, to the KEV catalog. The findings echo the ToolShell exploitation campaign in 2025, which targeted SharePoint vulnerabilities, including remote code injection and network spoofing flaws, affecting hundreds of customers.

Read the full article by David Jones on Cybersecurity Dive.

Hackers hit SharePoint via prompt injection

Research from AI security vendor Capsule Security highlighted the persistent threat of prompt-injection attacks in AI systems, focusing on vulnerabilities in Salesforce Agentforce and Microsoft Copilot.

The Salesforce flaw, dubbed PipeLeak, enabled attackers to embed malicious instructions into public CRM forms, leading to unauthorized data exfiltration. Similarly, the Microsoft Copilot vulnerability, named ShareLeak and tracked as CVE-2026-21520, exploited SharePoint form inputs to extract sensitive customer data.

Both attacks underscore architectural flaws in handling untrusted inputs, with Capsule recommending stricter input sanitization and manual oversight. Salesforce addressed the issue but emphasized human-in-the-loop configurations, a response criticized for undermining AI autonomy. Capsule warned that the so-called "lethal trifecta" -- AI agents with sensitive data access, external exposure to untrusted content and external communication -- poses significant risks.

Read the full article by Alexander Culafi on Dark Reading.

Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.

Phil Sweeney is an industry editor and writer focused on cybersecurity topics.
