April 2026 Patch Tuesday forecast: Spring-cleaning of a preview

I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities associated with it and realized it was good precursor to some themes at RSAC this year. AI was certainly the focus this year, with almost everyone having some form of AI connection to their products (some maybe just on paper?). But I think the biggest message, especially while we are in the early days of adoption, is the importance of human oversight or keeping a ‘human in the loop’ as stated in several presentations.

AI can add lots of value in many situations, but sometimes it comes to the wrong conclusions despite providing it with all the information it needs. We’re still in the ‘trust but verify’ phase of the new era. Enough about that, let’s take a look at what’s happened in the last month you need to be aware of.

Microsoft fixes faulty Windows 11 preview update

Microsoft preview patch users had a bit of a rough ride this month. Users installing the first release of the Windows 11 24H2 and 25H2 OS preview patches from KB5079391 quickly ran into an issue with warning messages of missing files and other error messages. Microsoft eventually pulled the KB and re-issued the preview updates as out-of-band (OOB) KB5086672.

As expected, the update per Microsoft “includes the improvements and features that were introduced in the March 26, 2026 non-security preview update (KB5079391), along with a fix for an installation issue that affected some devices”. It’s much better to get this issue cleaned up in the preview patch than when full release drops on Patch Tuesday.

There were two issues resolved in Outlook Classic this month with OOB updates. The first issue was determined to be a conflict between the latest version of the Teams Meeting add-in from March Patch Tuesday and some older versions of Outlook. Microsoft fixed the problem in Teams and also encouraged users to upgrade to the latest version of Outlook.

The second issue dated back to February 26, when Microsoft found Outlook Classic stopped synchronizing with Gmail and Yahoo accounts. The issue has been fixed in Microsoft 365, but Microsoft provided some initial Support details in case you still run into continuing issues even after you update your passwords.

SaRA tool retired, replaced by Get Help

It’s hard to believe, but the Home and Pro editions of Windows 11 24H2 are scheduled to reach EOL on October 13, 2026. Microsoft announced on March 27th, that “Devices running Home and Pro editions of Windows 11, version 24H2 that are not managed by IT departments will receive the Windows 11, version 25H2 update automatically. You can choose the time to restart your device or postpone the update.” If you have any of these devices in your organization that you don’t want upgraded automatically, you’ll need to bring them under direct control immediately so they can receive the final 6 months of normal security support.

Microsoft deprecated the Support and Recovery Assistant (SaRA) from all currently supported operating systems with the March set of Patch Tuesday OS updates. While this tool has been around for a long time, it did have several security weaknesses which Microsoft wanted to remove. In its place, we now have Get Help available. It comes in both a full version with a user interface and a command line and script version you can run with Powershell. This tool is primarily designed to troubleshoot Microsoft Office, Microsoft 365, and Microsoft Outlook.

Google issues fourth zero-day Chrome update of 2026

No, it wasn’t an April Fools joke when Google released their 4th zero-day update for the year. This update was 146.0.7680.177/178 for Windows/Mac and 146.0.7680.177 for Linux. It addressed 21 CVEs with 19 rated High and 2 Medium. But most importantly, CVE-2026-5281 reported as Use After Free in Dawn, is known to be exploited in the wild.

Per Google, “Dawn is meant to be integrated as part of a larger system and is the underlying implementation of WebGPU in Chromium.” Google did not provide details on the actual exploits.

April 2026 Patch Tuesday forecast

• We may see fewer updates this month from Microsoft. We’ve had recent SQL Server, Exchange Server and .NET updates, so I think Microsoft will be focusing on the regular Windows OS and Office updates this month.
• The Adobe rotation for Creative Cloud Apps updates will most likely contain Photoshop, and InDesign, Audition, and perhaps a few others.
• Apple released Tahoe 26.4, Sequoia 15.7.5, and Sonoma 14.8.5 on March 24th, which addressed a large number of CVEs in each OS. If you haven’t rolled those out, you should include them in the monthly deployment soon.
• Google has been busy this week with development releases dropping for all their products. Patch Tuesday may be a little early for a stable release but watch carefully for them to drop late on Patch Tuesday. As usual, keep those browsers patched as I mentioned the major zero-day update earlier.
• Mozilla released Firefox 149.0.2, Firefox ESR 140.9.1, Firefox ESR 115.34.1, Thunderbird 149.0.2, and Thunderbird ESR 140.9.1 on April 7th, so it should be quiet next week, but make sure you have these deployed already.

Many users feel they are often beta testing the Patch Tuesday Microsoft updates each month rather than applying validated software on their systems. And while the OS preview patches are meant to test and validate upcoming non‑security fixes early, this month they required an early spring-cleaning to get them up and running before the testing could even begin.