Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
AnalysisAI
Local privilege escalation in Windows Administrator Protection allows an authorized attacker with low-privilege access to bypass a security feature on affected Windows systems. The flaw stems from improper access control (CWE-284) in the Administrator Protection mechanism, and while no public exploit identified at time of analysis, the high CVSS 7.8 reflects the meaningful impact on confidentiality, integrity, and availability once the bypass is achieved. The issue was reported by Microsoft (secure@microsoft.com) and is tracked through MSRC rather than CISA KEV.
Technical ContextAI
Windows Administrator Protection is a Microsoft security feature designed to provide just-in-time administrative privileges to local users, requiring authentication for sensitive admin operations rather than granting persistent admin tokens. The underlying weakness is CWE-284 (Improper Access Control), meaning the protection layer fails to consistently enforce authorization boundaries between standard-user and admin contexts. Because Administrator Protection sits between user-mode requests and protected system resources, a defect in its access-control logic can allow operations the feature was specifically designed to gate. No specific CPE strings were published in the available NVD reference data, so exact build numbers must be retrieved from the MSRC advisory.
RemediationAI
Patch available per vendor advisory - apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42829 via Windows Update or WSUS as soon as the patch row for your specific Windows build is identified in the MSRC update guide. As a compensating control until patching, restrict local interactive logon to trusted administrative users (Group Policy: 'Allow log on locally' and 'Deny log on locally'), enforce strong endpoint controls (EDR with behavioral detection for token manipulation and UAC/Administrator Protection bypass primitives), and where operationally acceptable disable or restrict the Administrator Protection feature on hosts where it is not yet relied upon, accepting the trade-off that you lose the security benefit the feature provides. Reduce the population of accounts holding any local privileges on sensitive hosts, since the attack requires PR:L, not PR:N.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35534
GHSA-72vq-h3jr-52x8