Microsoft released its April 2026 Patch Tuesday update on 14 April 2026, fixing 167 security vulnerabilities — including two actively exploited zero-day flaws — in Windows 10 and Windows 11. For Australian businesses and home users, the update is not optional: two of the patched vulnerabilities allow remote code execution, meaning an unpatched machine can be compromised without the user doing anything other than connecting to the internet.
The update (KB5083769 for Windows 11 versions 24H2 and 25H2) has been rolling out automatically since Monday night Australian time, but many systems — particularly those managed by IT departments with update deferral policies — may not have received it yet.
What the Patch Fixes
Of the 167 vulnerabilities addressed, security researchers have flagged several as particularly serious for Australian organisations:
Two zero-day exploits were already being actively used by attackers before Microsoft issued the patch. Zero-day vulnerabilities are especially dangerous because they are being exploited in the wild before a fix exists — meaning any organisation that has delayed patching may already be compromised.
Remote Code Execution (RCE) flaws in Windows components allow attackers to execute malicious code on a victim's machine remotely. According to Microsoft's security bulletin, at least 11 of the April patches address RCE vulnerabilities rated "Critical."
Privilege escalation vulnerabilities allow malware that has already gained a foothold on a system to escalate to administrator-level access, making it harder to remove and enabling deeper damage.
For context, the Australian Cyber Security Centre (ACSC) has consistently identified unpatched software as one of the top three entry points for cyber attacks on Australian businesses. The ACSC's Essential Eight — the government's baseline cybersecurity framework — lists patching operating systems as the second most critical mitigation strategy.
The Secure Boot Deadline You Cannot Ignore
Beyond this month's patch, the April update also begins the process of addressing a looming crisis: Secure Boot digital certificates used by the majority of Windows devices are set to expire starting June 2026.
Secure Boot is the mechanism that prevents unauthorised software from loading when a computer starts up. If the certificates expire without renewal, devices that miss future updates could lose Secure Boot protection — leaving them more vulnerable to bootkit malware and ransomware attacks at the firmware level.
Microsoft has confirmed the certificate renewal is being handled through the Windows Update system, but organisations running Windows devices that have been disconnected from updates for extended periods — common in manufacturing, healthcare, and education environments — face a concrete deadline. By mid-June 2026, any unmanaged Windows device could have a degraded security posture.
For Australian SMEs, this is not an abstract technical issue. Bootkit ransomware — which attacks the boot process rather than the operating system — has been the delivery mechanism of choice for several high-profile attacks on Australian businesses in 2025, including incidents in the retail and logistics sectors.
What Australian Businesses Should Do Immediately
1. Verify patch status across all devices. Check which devices have received KB5083769 (Windows 11) or KB5082200 (Windows 10 Extended Security Updates). In a managed environment, your IT administrator can pull this from Windows Server Update Services (WSUS) or Microsoft Intune.
2. Identify unmanaged or air-gapped devices. Manufacturing plants, point-of-sale terminals, medical imaging equipment, and other specialised Windows devices often fall outside standard patch management. These need individual attention before the Secure Boot deadline in June.
3. Review update deferral policies. Many businesses defer Windows updates by 2–4 weeks to avoid productivity disruptions. Given the severity of the zero-day vulnerabilities in this patch, security teams should consider reducing or eliminating the deferral window for April's update.
4. Audit legacy Windows 10 devices. Windows 10 reached end of standard support in October 2025, and many Australian businesses are still running it under Extended Security Update (ESU) licences. If you are paying for ESUs, confirm the April update is being applied; if you are not, these devices are receiving no security patches at all.
5. Communicate with staff. Employees sometimes cancel or postpone Windows update prompts when they appear inconvenient. A brief internal communication reminding staff to allow updates to complete, particularly for the current cycle, can meaningfully reduce exposure.
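For a small fleet without WSUS or Intune, steps 1 and 2 above can be carried out from an administrator's PowerShell session. The script below is an added example, not code from the article or from Microsoft: it asks each machine whether one of the two KB numbers named in the article is installed and whether Secure Boot is currently enforced, then writes a CSV that can serve as the patch-status record. The hostnames are placeholders; it assumes PowerShell Remoting (WinRM) is enabled on the targets and that the session is elevated, because Confirm-SecureBootUEFI requires administrator rights.

```powershell
# Added example (not from the article): report April 2026 patch status and
# Secure Boot state for a list of Windows machines.
# KB5083769 = Windows 11 24H2/25H2 cumulative update (named in the article)
# KB5082200 = Windows 10 ESU cumulative update (named in the article)
$RequiredKBs = @('KB5083769', 'KB5082200')
$Computers   = @('PC-ACCOUNTS-01', 'POS-TERMINAL-02')   # placeholder hostnames
$ReportPath  = ".\april-2026-patch-status.csv"

$Report = foreach ($Computer in $Computers) {
    try {
        Invoke-Command -ComputerName $Computer -ErrorAction Stop -ArgumentList (,$RequiredKBs) -ScriptBlock {
            param([string[]]$KBs)

            $os = Get-CimInstance -ClassName Win32_OperatingSystem

            # Get-HotFix lists installed updates by KB id; keep any that match the April KBs.
            $installed = Get-HotFix | Where-Object { $KBs -contains $_.HotFixID }

            # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
            # on legacy-BIOS machines, which cannot use Secure Boot at all.
            try   { $secureBoot = Confirm-SecureBootUEFI }
            catch { $secureBoot = 'N/A (legacy BIOS)' }

            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                OS         = $os.Caption
                Build      = $os.BuildNumber
                AprilPatch = if ($installed) { $installed.HotFixID -join ',' } else { 'MISSING' }
                PatchedOn  = ($installed | Select-Object -First 1).InstalledOn
                SecureBoot = $secureBoot
                Reachable  = $true
            }
        }
    }
    catch {
        # Unreachable hosts are the ones most likely to be unmanaged or air-gapped;
        # record them rather than silently dropping them from the report.
        [pscustomobject]@{
            Computer   = $Computer
            OS         = ''
            Build      = ''
            AprilPatch = 'UNKNOWN'
            PatchedOn  = $null
            SecureBoot = 'UNKNOWN'
            Reachable  = $false
        }
    }
}

# Machines needing attention: unpatched, unreachable, or Secure Boot not enforced.
$Report |
    Where-Object { $_.AprilPatch -ne 'MISSING' -and $_.AprilPatch -ne 'UNKNOWN' -and $_.SecureBoot -eq $true } |
    Format-Table Computer, OS, AprilPatch, PatchedOn -AutoSize

"Devices requiring follow-up:"
$Report |
    Where-Object { $_.AprilPatch -in 'MISSING', 'UNKNOWN' -or $_.SecureBoot -ne $true } |
    Format-Table Computer, Reachable, AprilPatch, SecureBoot -AutoSize

# Keep the dated record; documented patch management is what insurers and auditors ask for.
$Report | Export-Csv -Path $ReportPath -NoTypeInformation
```

Get-HotFix only sees updates recorded in the Windows servicing store, so a machine that installed the update but has not yet rebooted can still show as MISSING; treat that row as a prompt to check for a pending restart rather than as proof the patch failed. Running the same script monthly and keeping the CSVs gives the documented, timely record described later in the article.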
When to Call an IT Specialist
Applying Windows updates is straightforward for individual home users. For businesses, the calculus is more complex: patch testing, compatibility with line-of-business software, rollback planning, and device lifecycle management are all considerations that can go wrong without proper IT expertise.
If your business operates with more than 10 Windows devices, relies on Windows for critical operations, or is in a regulated industry such as financial services, healthcare, or legal services — all of which have their own data protection obligations under Australian law — the April 2026 patch cycle is a sensible trigger to review your overall cybersecurity posture with a qualified IT professional.
An experienced IT specialist can conduct a patch audit, identify gaps in your update management process, and help establish a defensible baseline against the ACSC's Essential Eight framework. For businesses that have experienced a cyber incident in the past 12 months, this month's zero-day fixes make professional guidance particularly timely.
Cyber insurance claims in Australia frequently hinge on whether reasonable precautions were taken. Documented, timely patch management is one of the clearest demonstrations of due diligence available to businesses.
The Australian Cyber Security Centre publishes free guidance on the Essential Eight framework, including specific recommendations for operating system patching schedules and assessment tools for businesses of all sizes.
