Microsoft Fixes 165 Vulnerabilities, Including Exploited SharePoint Zero-Day CVE-2026-32201
Image: Una Al Día

Microsoft Fixes 165 Vulnerabilities, Including Exploited SharePoint Zero-Day CVE-2026-32201

09 July, 2026.Technology and Science.13 sources

Key Takeaways

  • Microsoft patched Defender zero-day RoguePlanet (CVE-2026-50656) after public PoC exploit.
  • Patch Tuesday delivered 165 fixes including Defender vulnerability RoguePlanet.
  • The flaw enables local privilege escalation to SYSTEM on Windows.

Patch Tuesday and zero-days

Microsoft’s April Patch Tuesday update corrected 165 security vulnerabilities, placing it in the trio of the largest bulletins of security published by the editor, and it also included a zero-day already being exploited, CVE-2026-32201, affecting SharePoint Server.

An exploitation tactic based on a zero-day flaw in Windows Defender, Microsoft's default antivirus, has just been posted online

01net01net

Le Monde Informatique said the CVE-2026-32201 flaw is actively exploited and can enable spoofing by letting a pirate impersonate a Sharepoint account through incorrect data validation.

Image from 01net
01net01net

In the same April batch, Le Monde Informatique highlighted another issue to fix urgently: CVE-2026-33824 in Windows Internet Key Exchange (IKE) Service Extensions, described as critical with a CVSS 9.8 score and capable of letting an attacker execute code remotely if not patched.

Dark Reading reported that Microsoft issued an out-of-band patch for RoguePlanet, an elevation-of-privilege vulnerability in Windows Defender tracked as CVE-2026-50656, after a proof-of-concept was published by a researcher known as "Nightmare-Eclipse."

RoguePlanet and the feud

Dark Reading said RoguePlanet received a 7.8 score from Microsoft and could allow an attacker to escalate privileges on a Windows device from a basic user to the highest SYSTEM-level access, giving complete control over the device.

The outlet described how the dispute began in April when Nightmare-Eclipse published an exploit for another privilege-escalation flaw in Windows Defender, dubbed "BlueHammer" and tracked as CVE-2026-33825, out of frustration with Microsoft’s Security Response Center (MSRC).

Image from Ars Technica
Ars TechnicaArs Technica

Le Monde Informatique, meanwhile, quoted Nick Caroll of Nightwing warning that “Le paysage des menaces en avril se caractérise par des exploitations concrètes et immédiates plutôt que par de simples vulnérabilités théoriques”.

In a separate account, LinkedIn said Microsoft released Microsoft Malware Protection Engine version 1.1.26060.3008 to remediate CVE-2026-50656 and that the fix is distributed through Defender's security intelligence infrastructure rather than waiting for a traditional Patch Tuesday release.

What defenders must do

Le Monde Informatique said the CVE-2026-33824 IKE flaw can be mitigated temporarily by blocking incoming traffic on UDP 500 and 4500 for systems that do not use IKE, or by configuring firewall rules to allow UDP 500 and 4500 only from known peer addresses.

Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday

BleepingComputerBleepingComputer

For Active Directory, Le Monde Informatique highlighted CVE-2026-33826 as critical with a CVSS 8 score, and it quoted Jack Bicer of Action1 saying the vulnerability “représente une menace directe pour l'infrastructure d'identité.”

Tech Times reported that Microsoft issued an emergency update 29 days after a proof-of-concept exploit was exposed, and it said the immediate action for security teams is to confirm Microsoft Malware Protection Engine version 1.1.26060.3008 or higher is installed on every managed endpoint.

BleepingComputer added that the RoguePlanet flaw was disclosed by Nightmare Eclipse using the handle "Nightmare Eclipse" and that Microsoft released Microsoft Malware Protection Engine 1.1.26060.3008 to address CVE-2026-50656, while also noting the researcher said the exploit worked regardless of whether real time protection was on or not.

More on Technology and Science