Windows Update rolls out as Microsoft patches 163 vulnerabilities and warns on BlueHammer
Microsoft released its April Windows update on April 15 ET, closing 163 vulnerabilities across Windows, Office, SharePoint, .NET, Visual Studio, Dynamics 365, SQL Server, Azure, Defender Antimalware Platform, PowerShell, and related services. The company is urging users to apply the patch as early as possible because two of the fixes involve issues that were publicly known before the update went out. The timing matters because a separate unpatched Windows zero-day, BlueHammer, has also been disclosed in April 2026.
Windows Update covers critical flaws across core products
The monthly security release includes fixes for software running on Windows 11, Windows Server 2025, Windows Server 2022, Windows Server 2019, and Windows Server 2016, along with remote desktop client components and related services. Microsoft said eight of the 163 vulnerabilities are rated at the highest severity level, called “critical” in the company’s four-step scale.
The most urgent fixes in this Windows Update span Windows, remote desktop client components and related services, Office, and .NET and .NET Framework. Microsoft also named two vulnerabilities that were already known publicly before the update: CVE-2026-33825, a Microsoft Defender privilege escalation issue, and CVE-2026-32201, a Microsoft SharePoint Server spoofing issue.
Why Microsoft is pressing for immediate installation
Microsoft’s warning is direct: install the patch quickly. The concern is not only the number of flaws, but the fact that two of the issues were already exposed before the release, giving attackers a head start if systems remain unpatched. In that sense, the Windows Update is both a routine maintenance cycle and a response to active risk.
Japan Microsoft, the company's local arm, said the update should be applied without delay. The release also reaches software beyond Windows, including Microsoft SQL Server, Azure, Defender Antimalware Platform, and PowerShell, underscoring how broad the monthly patch scope has become.
BlueHammer adds pressure on defenders
At the same time, BlueHammer has raised fresh concern in Windows environments. The unpatched zero-day is described as a flaw that allows the unauthorized seizure of SYSTEM privileges by combining legitimate Windows features, including Defender update processing, Volume Shadow Copy Service, cloud file functions, and opportunistic locks. Proof-of-concept code was published in April 2026, and multiple researchers later verified that the technique can be reproduced in practice.
BlueHammer is notable because it does not rely on kernel corruption or memory destruction. That makes detection harder and increases the value of behavioral monitoring, especially for unusual shadow copy activity, unexpected cloud file registration, and low-privilege service creation.
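The behavioral monitoring described above can be expressed as a correlation rule. The sketch below is an added example, not code from Microsoft or from the researchers mentioned in this article. It assumes a hypothetical normalized event schema (the `kind` names, the `elevated` flag, the 10-minute window and the two-signal threshold are all illustrative choices) and runs over constructed sample events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The three behaviours the article names, as hypothetical normalized event kinds.
SIGNALS = {"shadow_copy_create", "cloud_sync_root_register", "service_create"}

# Constructed sample telemetry (not real logs); "elevated" marks an admin/SYSTEM context.
SAMPLE_EVENTS = [
    {"ts": "2026-04-16T09:00:05", "host": "ws-01", "user": "alice", "elevated": False, "kind": "shadow_copy_create"},
    {"ts": "2026-04-16T09:00:20", "host": "ws-01", "user": "alice", "elevated": False, "kind": "process_start"},
    {"ts": "2026-04-16T09:00:40", "host": "ws-01", "user": "alice", "elevated": False, "kind": "cloud_sync_root_register"},
    {"ts": "2026-04-16T09:01:10", "host": "ws-01", "user": "alice", "elevated": False, "kind": "service_create"},
    {"ts": "2026-04-16T02:00:00", "host": "srv-02", "user": "backupsvc", "elevated": True, "kind": "shadow_copy_create"},
    {"ts": "2026-04-16T08:00:00", "host": "ws-03", "user": "bob", "elevated": False, "kind": "cloud_sync_root_register"},
    {"ts": "2026-04-16T11:30:00", "host": "ws-03", "user": "bob", "elevated": False, "kind": "service_create"},
]

def correlate(events, window=timedelta(minutes=10), min_signals=2):
    """Alert when one non-elevated account on one host produces at least
    min_signals distinct signal kinds inside a sliding time window."""
    per_actor = defaultdict(list)
    for e in events:
        if e["kind"] in SIGNALS and not e["elevated"]:
            per_actor[(e["host"], e["user"])].append((datetime.fromisoformat(e["ts"]), e["kind"]))
    alerts = []
    for (host, user), seen in per_actor.items():
        seen.sort()
        best, start = None, 0
        for end in range(len(seen)):
            # Shrink the window from the left until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            kinds = {kind for _, kind in seen[start:end + 1]}
            if best is None or len(kinds) > len(best[0]):
                best = (kinds, seen[start][0], seen[end][0])
        if best and len(best[0]) >= min_signals:
            alerts.append({"host": host, "user": user, "kinds": sorted(best[0]),
                           "first": best[1].isoformat(), "last": best[2].isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

On the sample data only the ws-01 account is flagged: the elevated backup job is ignored, and the two ws-03 events fall hours apart.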
What security teams are watching now
Microsoft has already adjusted detection for one related executable, but researchers have said minor code changes may help evade that coverage. No patch is available for BlueHammer yet, and the attack still requires local access, though credential theft or another compromise could make that condition realistic.
The practical message from this Windows Update cycle is clear: patch immediately, monitor closely, and assume that Windows remains under pressure from both fixed vulnerabilities and an active zero-day risk. The next update window will likely be watched just as closely as Windows Update itself.