Skip to main content

Windows Attestation CVE-2026-33828

| EUVDEUVD-2026-35657 HIGH
Trust Boundary Violation (CWE-501)
2026-06-09 secure@microsoft.com GHSA-vw3f-64x5-vmq4
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:31 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Windows Attestation allows an authenticated local user with low privileges to gain elevated permissions on the host through a trust boundary violation (CWE-501). The flaw is rated CVSS 7.8 with high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. The issue is tagged as Information Disclosure by the reporter, but the CVSS vector indicates full system compromise potential once exploited.

Technical ContextAI

Windows Attestation refers to Microsoft's platform attestation components (such as device health attestation and TPM-backed attestation services) that establish trust between a Windows endpoint and verifying parties about boot state, code integrity, and configuration. The root cause is classified as CWE-501 (Trust Boundary Violation), meaning code on one side of a security boundary improperly trusts data, tokens, or state originating from the other side - in this case, a low-privileged local context appears able to influence or assert state that should only be controlled by a higher-privileged component. Because attestation outputs are consumed by downstream access decisions (Conditional Access, BitLocker network unlock, Credential Guard, etc.), a violation here can let an attacker pivot from local code execution into privileged system contexts.

RemediationAI

Apply the Microsoft security update for CVE-2026-33828 as listed on the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33828; patch status is best described as 'Patch available per vendor advisory' since the provided data does not include a specific KB or fix build. Until the patch is deployed, reduce exposure by limiting which users can run unmanaged code on attestation-relevant endpoints (enforce standard-user accounts, AppLocker or WDAC code-integrity policies, and LAPS for local admin rotation) so the AV:L/PR:L precondition is harder to satisfy; the trade-off is operational friction for power users and developers. Where attestation outputs feed Conditional Access or BitLocker network unlock, monitor for unexpected health-attestation results from individual devices and consider tightening the compliance policy to fail-closed, accepting the side effect that legitimate devices with transient TPM issues may be temporarily blocked.

Share

CVE-2026-33828 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy