Article

Security Alert: Microsoft Security Updates - April 2026

Microsoft has released April 2026 security updates to fix 167 vulnerabilities, including two zero-day flaws (CVE-2026-32201 and CVE-2026-33825), one of which is already being actively exploited.

These updates apply to, but are not limited to:

Windows 11
Microsoft SQL Server 2022, 2025
Microsoft Office 2021, 2024
Microsoft Edge

Security Risks

Successful exploitation of these vulnerabilities could allow threat actors to execute malicious code, escalate privileges, access sensitive data, or disrupt system operations, potentially leading to full compromise of affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2
Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.
Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026 and Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

21 April 2026

More updates

21 April 2026

Security Alert: Fortinet Security Updates - April 2026

Fortinet has released a security update addressing multiple vulnerabilities in its products.

15 April 2026

Security Alert: Cisco Security Updates - April 2026

Cisco has released multiple security updates to address vulnerabilities affecting several of its products.

15 April 2026

Alert: Adobe Security Updates – April 2026

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS.

26 March 2026

Security Alert: Unauthenticated RCE in Oracle Identity Manager and Oracle Web Services Manager (CVE-2026-21992)

A critical security vulnerability has been identified in Oracle Identity Manager and Oracle Web Services Manager.

Microsoft has released April 2026 security updates to fix 167 vulnerabilities, including two zero-day flaws (CVE-2026-32201 and CVE-2026-33825), one of which is already being actively exploited.

These updates apply to, but are not limited to:

Windows 11

Microsoft SQL Server 2022, 2025

Microsoft Office 2021, 2024

Microsoft Edge

Security Risks

Successful exploitation of these vulnerabilities could allow threat actors to execute malicious code, escalate privileges, access sensitive data, or disrupt system operations, potentially leading to full compromise of affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2

Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.

Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026 and Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

Microsoft April 2026 Security Release Notes

Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Microsoft Ending Support in 2026

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224