Skip to main content

Windows Administrator Protection EUVDEUVD-2026-35534

| CVE-2026-42829 HIGH
Improper Access Control (CWE-284)
2026-06-09 secure@microsoft.com GHSA-72vq-h3jr-52x8
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:37 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

AnalysisAI

Local privilege escalation in Windows Administrator Protection allows an authorized attacker with low-privilege access to bypass a security feature on affected Windows systems. The flaw stems from improper access control (CWE-284) in the Administrator Protection mechanism, and while no public exploit identified at time of analysis, the high CVSS 7.8 reflects the meaningful impact on confidentiality, integrity, and availability once the bypass is achieved. The issue was reported by Microsoft (secure@microsoft.com) and is tracked through MSRC rather than CISA KEV.

Technical ContextAI

Windows Administrator Protection is a Microsoft security feature designed to provide just-in-time administrative privileges to local users, requiring authentication for sensitive admin operations rather than granting persistent admin tokens. The underlying weakness is CWE-284 (Improper Access Control), meaning the protection layer fails to consistently enforce authorization boundaries between standard-user and admin contexts. Because Administrator Protection sits between user-mode requests and protected system resources, a defect in its access-control logic can allow operations the feature was specifically designed to gate. No specific CPE strings were published in the available NVD reference data, so exact build numbers must be retrieved from the MSRC advisory.

RemediationAI

Patch available per vendor advisory - apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42829 via Windows Update or WSUS as soon as the patch row for your specific Windows build is identified in the MSRC update guide. As a compensating control until patching, restrict local interactive logon to trusted administrative users (Group Policy: 'Allow log on locally' and 'Deny log on locally'), enforce strong endpoint controls (EDR with behavioral detection for token manipulation and UAC/Administrator Protection bypass primitives), and where operationally acceptable disable or restrict the Administrator Protection feature on hosts where it is not yet relied upon, accepting the trade-off that you lose the security benefit the feature provides. Reduce the population of accounts holding any local privileges on sensitive hosts, since the attack requires PR:L, not PR:N.

Share

EUVD-2026-35534 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy