CVE-2026-42829
Analyzed Analyzed - Analysis Complete

Improper Access Control in Windows Administrator Protection

Publication date: 2026-06-09

Last updated on: 2026-06-11

Assigner: Microsoft Corporation

Description
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-11
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-42829
EUVD
EUVD-2026-35534

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
microsoft windows_11_24h2 to 10.0.26100.8655 (exc)
microsoft windows_11_24h2 to 10.0.26100.8655 (exc)
microsoft windows_11_25h2 to 10.0.26200.8655 (exc)
microsoft windows_11_25h2 to 10.0.26200.8655 (exc)
microsoft windows_11_26h1 to 10.0.28000.2269 (exc)
microsoft windows_11_26h1 to 10.0.28000.2269 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability involves improper access control that allows an authorized attacker to bypass a security feature locally in Windows Administrator Protection.

By bypassing security features, this vulnerability could potentially lead to unauthorized access or modification of sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require strict access controls and protection of sensitive information.

However, the provided information does not explicitly detail the direct effects on compliance with these regulations.

Mitigation Strategies

To mitigate this vulnerability, apply the security updates provided by Microsoft as soon as possible to address the improper access control in Windows Administrator Protection.

Ensure that only authorized users have local access to systems, as the vulnerability requires local privileges to exploit.

Impact Analysis

The vulnerability can have a significant impact by allowing an attacker with local access and some level of authorization to bypass important security features. This can lead to high confidentiality, integrity, and availability risks on the affected system.

Executive Summary

This vulnerability involves improper access control in Windows Administrator Protection. It allows an authorized attacker to locally bypass a security feature designed to protect the system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42829. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart