Which is worse: a vulnerability being quietly exploited in the wild, or a researcher so frustrated they go public? For Microsoft’s April “mega Patch Tuesday,” the answer, according to The Register, came back as both.
What happened this April
The Register reported that Redmond’s April Patch Tuesday bundled a large set of fixes summarized in blunt terms: “One CVE under attack, one already disclosed by angry bug hunter, and 163 more.” The outlet said attackers had exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of that Patch Tuesday release.
The immediate facts
According to the same report, Microsoft issued a fix for a SharePoint Server spoofing vulnerability after exploitation in the wild had already been observed. Separately, The Register described one vulnerability as already disclosed by an “angry bug hunter,” and listed an additional 163 vulnerabilities addressed in the April update package.
Why it matters
For technologists: an exploit discovered in active use before a vendor fix shortens the window for defensive action and increases pressure on patch management processes.
For researchers and coordination frameworks: a public disclosure by a frustrated bug hunter illustrates tensions that can arise when disclosure timelines and vendor responses diverge.
For users and administrators: the existence of a widely distributed update package means a concentrated need to prioritize and deploy patches quickly to close exploited and publicly disclosed weaknesses.
For adversaries: active exploitation ahead of a vendor fix demonstrates a tactical opportunity to target unpatched instances until updates are broadly applied.
Reading the signs
The Register’s framing — one actively exploited CVE, one publicly disclosed by an “angry bug hunter,” and 163 additional fixes — conveys both scale and friction: scale in the number of vulnerabilities being addressed, and friction in the dynamics between researchers, attackers, and a vendor issuing a bundled response. That combination forces trade-offs for defenders, who must triage urgent, exploited flaws against a larger backlog of less-immediately dangerous but still serious issues.
Patch Tuesday is a cadence that helps coordinate responses, but when exploitation precedes the patch or when disclosure comes from an exasperated researcher, the cadence can feel less like a safety net and more like a race.
Will concentrated monthly updates be enough, or will the next exploited flaw demand a different tempo of response? The Register’s report leaves the reader with the plain facts — and the uncomfortable choice of which risk to tackle first.
https://go.theregister.com/feed/www.theregister.com/2026/04/14/microsofts_massive_patch_tuesday/




