Full Report
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. The post Microsoft drops its second-largest monthly batch of defects on record appeared first on CyberScoop.
Analysis Summary
# Vulnerability: Microsoft Office SharePoint Improper Input Validation
## CVE Details
- **CVE ID:** CVE-2026-32201
- **CVSS Score:** 6.5 (Medium/High)
- **CWE:** Improper Input Validation (Spoofing)
## Affected Systems
- **Products:** Microsoft Office SharePoint
- **Versions:** Not explicitly detailed in the report (Refer to Microsoft Security Update Guide for April 2026 for specific build numbers).
- **Configurations:** Systems running SharePoint Server or SharePoint services where unauthenticated network access is permitted.
## Vulnerability Description
CVE-2026-32201 is a zero-day vulnerability resulting from improper input validation within Microsoft Office SharePoint. The flaw allows an unauthenticated attacker to perform spoofing attacks over a network. In practice, this lets an adversary bypass standard validation checks to view sensitive information and make unauthorized changes to disclosed data.
## Exploitation
- **Status:** Exploited in the wild (Actively exploited zero-day).
- **Complexity:** Low (Based on the "unauthenticated" nature of the attack).
- **Attack Vector:** Network.
## Impact
- **Confidentiality:** Moderate (Allows attackers to view sensitive/disclosed information).
- **Integrity:** Moderate (Allows attackers to make changes to information).
- **Availability:** Not explicitly specified, though the primary impact is focused on spoofing and data manipulation.
## Remediation
### Patches
- Microsoft addressed this vulnerability in the **April 2026 Patch Tuesday** update. Administrators should apply the cumulative security updates for their specific SharePoint version immediately.
### Workarounds
- No specific workarounds were provided in the article; however, CISA recommends prioritizing the patching of this vulnerability as it is listed in the Known Exploited Vulnerabilities (KEV) catalog.
## Detection
- **Indicators of Compromise:** Look for anomalous network traffic targeting SharePoint endpoints and unauthorized modifications to SharePoint site content or metadata.
- **Detection methods and tools:**
  - Review SharePoint audit logs for unusual unauthenticated requests.
  - CISA’s KEV catalog can be used to track this vulnerability for organizational compliance.
  - Vulnerability scanners should be updated with the latest April 2026 definitions.
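
One way to triage the unauthenticated requests mentioned above, as an added example that is not from the report or from Microsoft. It assumes the IIS W3C logs of the SharePoint web front end are available and record `cs-username`; the log lines, addresses and paths are constructed placeholders and do not identify the affected endpoint.

```python
# Added example: flag state-changing requests that succeeded without an
# authenticated user in IIS W3C logs. Sample data below is constructed.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2026-04-15 09:12:01 GET /sites/demo/page-a CONTOSO\\alice 10.0.0.21 200
2026-04-15 09:12:07 POST /sites/demo/placeholder-a - 203.0.113.50 401
2026-04-15 09:12:09 POST /sites/demo/placeholder-a - 203.0.113.50 200
2026-04-15 09:13:44 GET /sites/demo/logo.png - 10.0.0.33 200
2026-04-15 09:14:02 POST /sites/demo/placeholder-a CONTOSO\\bob 10.0.0.22 200
2026-04-15 09:15:30 PUT /sites/demo/placeholder-b - 203.0.113.50 201
"""

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column
    names, because the field order in IIS logs is configurable."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def flag_anonymous_writes(text):
    """Return requests with no user name, a write method and a 2xx/3xx
    status. An anonymous 401 is skipped: it is the normal first leg of an
    NTLM/Kerberos handshake."""
    hits = []
    for rec in parse_w3c(text):
        anonymous = rec.get("cs-username") == "-"  # absent field: no match
        succeeded = rec.get("sc-status", "")[:1] in ("2", "3")
        if anonymous and succeeded and rec.get("cs-method", "").upper() in WRITE_METHODS:
            hits.append(rec)
    return hits

def summarize(hits):
    """Group flagged requests by client IP for review."""
    by_ip = {}
    for r in hits:
        by_ip.setdefault(r["c-ip"], []).append(
            (r["date"], r["time"], r["cs-method"], r["cs-uri-stem"], r["sc-status"]))
    return by_ip

if __name__ == "__main__":
    for ip, reqs in summarize(flag_anonymous_writes(SAMPLE_LOG)).items():
        print(ip, reqs)
```

Sites that intentionally allow anonymous access will produce benign hits, so compare results against a pre-patch baseline before treating them as suspicious.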
## References
- **Vendor Advisory:** [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201)
- **CISA KEV Catalog:** [https://www.cisa.gov/known-exploited-vulnerabilities-catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
- **ZDI Analysis:** [https://www.zerodayinitiative.com/blog/2026/4/14/the-april-2026-security-update-review](https://www.zerodayinitiative.com/blog/2026/4/14/the-april-2026-security-update-review)
***
**Note on Additional Vulnerability:** The report also highlighted **CVE-2026-33825**, a high-severity (Elevation of Privilege) flaw in **Microsoft Defender**. While not a zero-day, it has **publicly available PoC code** and is considered "more likely to be exploited." It allows local attackers to gain full system control.