Skip to main content

Windows Event Logging Service CVE-2026-33834

| EUVDEUVD-2026-29581 HIGH
Improper Access Control (CWE-284)
2026-05-12 microsoft GHSA-g982-rv37-97r8
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 18:31 vuln.today
CVE Published
May 12, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Windows Event Logging Service privilege escalation allows local authenticated attackers with low-level privileges to gain SYSTEM-level control across Windows 10, Windows 11, and Windows Server 2012+ environments. The vulnerability requires no user interaction and has low attack complexity (AC:L), making exploitation straightforward once initial access is obtained. Microsoft has released patches via their March 2026 security updates, and exploitation requires only standard user credentials on vulnerable systems. CVSS 7.8 HIGH severity with complete compromise of confidentiality, integrity, and availability upon successful exploitation.

Technical ContextAI

The Windows Event Logging Service (EventLog) is a core operating system component responsible for centralized logging and event management across Windows platforms. This vulnerability stems from improper access control (CWE-284), a weakness where the service fails to properly restrict operations on critical resources or objects. The flaw allows low-privileged users to manipulate service internals or invoke privileged operations without proper authorization checks. Given the EventLog service typically runs with SYSTEM privileges and has deep integration with kernel-mode components and security subsystems, improper access control creates a direct pathway from low-privilege user context to administrative control. The affected CPE strings indicate widespread impact across all supported Windows client and server versions from Windows 10 1607 (released 2016) through the latest Windows 11 26H1 preview builds and Windows Server 2012 deployments still in extended support.

RemediationAI

Apply the vendor-released security updates from Microsoft's March 2026 Patch Tuesday release immediately, prioritizing domain controllers, privileged access workstations, and internet-facing systems with interactive user access. Download patches through Windows Update, WSUS, or Microsoft Update Catalog referencing CVE-2026-33834 and associated KB articles listed in https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33834. For environments unable to patch immediately, implement compensating controls including restricting interactive logon rights to only essential personnel (remove local user accounts from workstations, enforce domain-only authentication), deploying application whitelisting to prevent unauthorized executable launch from user contexts, enabling Windows Event Log forwarding with tamper-protection to detect exploitation attempts, and monitoring for unusual service account activity or privilege use events (Event IDs 4672, 4673, 4674). Note that disabling the Event Logging Service is NOT viable as it breaks fundamental Windows functionality including security auditing and application compatibility. Compensating controls provide only partial risk reduction and should be considered temporary measures pending full patch deployment.

Share

CVE-2026-33834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy