Primary

Context

Microsoft Azure Attestation and Device Health Attestation Service Spoofing Vulnerability

Vulnerability

A spoofing vulnerability has been identified in the Microsoft Azure Attestation service and the Device Health Attestation Service. This issue arises from improper input validation, which allows an authorized attacker to perform spoofing through a physical attack.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing actions, potentially allowing attackers to manipulate or falsify information or identities within the affected services.

Remediation

Microsoft has already deployed a service-side fix for this vulnerability in Azure Attestation. No customer patching or update installation is required. For the Device Health Attestation Service, users should consult the Microsoft Update Catalog for available security updates.

Added: Jun 9, 2026, 5:51 PM

Updated: Jun 9, 2026, 5:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

1.4

remediation

0.0

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

1.4

remediation

0.0

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Azure Attestation and Device Health Attestation Service Spoofing Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Azure Attestation

Microsoft Device Health Attestation

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating