April's Patch Tuesday nearly doubled March's volume, resolving 164 vulnerabilities across Windows, Office, .NET, SharePoint, and Defender. The release contains one actively exploited zero-day, one previously disclosed zero-day, and eight Critical-rated fixes. Zero Day Initiative and CISA both flagged the batch as higher-risk than typical. Priority patches: CVE-2026-33824 (Windows IKE v2 service, CVSS 9.8, unauthenticated RCE via crafted packets) and CVE-2026-33825 (Windows Defender zero-day, dubbed BlueHammer & RedSun). Active Directory RCE CVE-2026-33826 (CVSS 8.0) completes the top-tier set. Apply the cumulative updates this cycle — do not wait for the next servicing window.