cve-2026-33828

CVE-2026-33828 is a critical Windows Device Health Attestation elevation-of-privilege vulnerability disclosed by Microsoft on June 9, 2026. It allows a locally authorized attacker to cross a trust boundary and gain SYSTEM privileges on affected Windows clients and servers. The vulnerability carries a CVSS score of 7.8. Device Health Attestation is a component used by enterprises to assess device trustworthiness, making this vulnerability notable because the systems designed to measure endpoint health become part of the attack surface. This tag covers discussions, analysis, and mitigation guidance for CVE-2026-33828, including its implications for enterprise security and Patch Tuesday updates.