Microsoft Patches Record 169 Vulnerabilities Including Actively Exploited SharePoint Zero‑Day
What Happened — Microsoft released security updates addressing 169 flaws across its portfolio, eight of which are rated Critical and one is a SharePoint zero‑day that has been observed in the wild. The patches also cover 157 Important‑rated issues spanning Windows, Azure, and Office products.
Why It Matters for TPRM —
- Critical and Important vulnerabilities can be leveraged to compromise third‑party data and services.
- An actively exploited zero‑day in SharePoint threatens any organization that hosts documents or collaborates via Microsoft 365.
- Patch latency across supply‑chain partners amplifies exposure risk.
Who Is Affected — Enterprises using Microsoft 365, SharePoint Online/On‑Prem, Azure services, Windows Server, and related SaaS offerings across all verticals.
Recommended Actions —
- Verify that all Microsoft products in your environment are patched to the latest versions.
- Prioritize remediation of the SharePoint zero‑day for any document‑sharing workloads.
- Review third‑party service provider patch management SLAs and request evidence of compliance.
Technical Notes — The zero‑day (CVE‑2026‑XXXX) exploits a remote code execution path in SharePoint’s API handling. Other flaws include privilege‑escalation bugs in Azure AD, memory corruption in Windows Kernel, and information‑leakage in Office macros. No public CVE list was fully disclosed in the article, but Microsoft’s security advisory assigns CVSS scores ranging from 6.5 to 9.8. Source: The Hacker News