April 2026 Windows Update — 167 Fixes and 2 Zero-Days, Install It Now
Microsoft's April 2026 Patch Tuesday landed on April 14th, and it's a monster. 167 security vulnerabilities patched, 8 rated Critical, and 2 zero-days that attackers are already using in real-world attacks. If you haven't restarted your PC since last week, do it today.
Here's the short version of what was fixed, why it matters, and how to get it installed.
The Two Zero-Days (The Ones Being Exploited Right Now)
A zero-day is a flaw that attackers were using before Microsoft had a patch ready. Every day your PC sits without this update is another day those attacks work on it.
2 zero-days — actively exploited
The Other Scary Ones
Beyond the zero-days, these are the Critical flaws that stand out:
- CVE-2026-33824 — Windows IKE remote code execution. A memory bug in the Internet Key Exchange service that an unauthenticated attacker can exploit over the network. No login needed, no user interaction — just being on a hostile network is enough.
- CVE-2026-33827 — Windows TCP/IP race condition. A flaw in the core networking stack of Windows itself. Rare to see critical TCP/IP bugs these days, and they're always worth taking seriously.
- Word and Excel remote code execution (multiple CVEs). An attacker sends a malicious document and just viewing it in the preview pane — in Outlook or File Explorer — is enough to run their code on your PC. You don't have to open anything.
That last one is why "I don't click dodgy links" isn't enough anymore. You don't have to click. You just have to look.
How to Install It
- Open Settings (press Windows key + I)
- Click Windows Update (Windows 11) or Update & Security (Windows 10)
- Click Check for updates
- Let it download and install — typically 10–30 minutes depending on your PC and connection
- Restart when prompted — the fixes don't take effect until you do. Don't let the "restart pending" notification sit there all week
The update is KB5083769 (for 24H2 and 25H2). If you want to check it's installed, go to Settings → Windows Update → Update history and look for that number.
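To run the same check from PowerShell, here is an added example (not from the original article). It looks for the KB the article names for your Windows version and reports whether a restart is still pending. The build-number mapping and the two reboot-pending registry keys are assumptions of this example, not something the article states.

```powershell
# Added example. KB numbers are the ones given in the article.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber

# Assumption: build 26100 and up = Windows 11 24H2/25H2; below 22000 = Windows 10.
$kb = $null
if ($build -ge 26100) { $kb = 'KB5083769' } elseif ($build -lt 22000) { $kb = 'KB5082200' }

if (-not $kb) {
    Write-Warning "Build ${build}: the article lists no KB for this Windows version."
    return
}

# First look in the installed-hotfix list.
$installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

if (-not $installed) {
    # Fall back to the data behind Settings > Windows Update > Update history.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $total = $searcher.GetTotalHistoryCount()
    if ($total -gt 0) {
        $installed = [bool]($searcher.QueryHistory(0, $total) | Where-Object {
            $_.Title -match $kb -and $_.Operation -eq 1 -and $_.ResultCode -eq 2
        })  # Operation 1 = installation, ResultCode 2 = succeeded
    }
}

# The fixes do not take effect until the restart, so check for a pending one.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

if (-not $installed) {
    "$kb is not installed. Run Windows Update."
} elseif ($rebootPending) {
    "$kb is installed, but a restart is pending. Restart to finish."
} else {
    "$kb is installed and no restart is pending."
}
```

Windows updates are cumulative, so a PC that has already installed a later month's update will not list this KB even though it has the fixes.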
Remote Desktop Got a Security Upgrade Too
On top of the vulnerability fixes, Microsoft added new protections against phishing attacks delivered via .rdp files. These are Remote Desktop shortcut files that scammers have been emailing people to trick them into connecting to an attacker-controlled machine. If you've ever received a random .rdp file in an email, you'll know why this matters. After this update, Windows is more cautious about what those files are allowed to do.
Still on Windows 10?
Windows 10 support officially ended in October 2025, but this month's update (KB5082200) is still being delivered to PCs enrolled in the free Extended Security Updates (ESU) programme. If you haven't signed up for ESU yet, you're not getting any of these fixes — and the gap between what's patched on your PC and what attackers know about widens every month.
The free ESU runs until October 2026. After that, Windows 10 is completely unprotected for home users unless you pay for it.
If Updates Are Failing
A PC that can't update is a PC that can't protect itself. If Windows Update is stuck, giving error codes, or looping endlessly — that's a repair job in itself. Common causes are low disk space, corrupted update files, or old antivirus software clashing with Defender. See my guide on common PC problems or how to speed up a slow Windows 11 PC if disk space is the issue.
For the full technical details, Bleeping Computer's breakdown covers every CVE, and Krebs on Security has analysis of the most important ones.
Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs.