PatchSiren cyber security CVE debrief
CVE-2026-45642 Microsoft CVE debrief
CVE-2026-45642 is a LOW-severity vulnerability in Microsoft Azure Attestation service and Device Health Attestation Service. Improper input validation allows an authorized attacker to perform spoofing through a physical attack. The vulnerability was published on 2026-06-09 and modified on 2026-06-11.
- Vendor: Microsoft
- Product: Windows 10 Version 1607
- CVSS: LOW 3.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-11
Who should care
Administrators and users of Microsoft Azure Attestation service and Device Health Attestation Service should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 3.9 and a CVSS severity of LOW. The CVSS vector is CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. The weakness is CWE-20.
Defensive priority
This vulnerability requires attention, but its LOW severity and its attack requirements (physical access, AV:P, and high privileges, PR:H) suggest that it may not be a high priority for immediate action.
Recommended defensive actions
- Apply patches or updates provided by Microsoft to fix the vulnerability.
- Review and update configurations for Microsoft Azure Attestation service and Device Health Attestation Service to ensure proper input validation.
- Monitor systems for potential spoofing attempts.
Evidence notes
The CVE record and NVD detail pages provide additional information about the vulnerability.
Official resources
- CVE-2026-45642 CVE record (CVE.org)
- CVE-2026-45642 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-45642 was published on 2026-06-09 and modified on 2026-06-11.