diff --git a/attest/win_events.go b/attest/win_events.go
index 5e563155..28b2dafd 100644
--- a/attest/win_events.go
+++ b/attest/win_events.go
@@ -678,7 +678,7 @@ func (w *WinEvents) parseUTF16(header microsoftEventHeader, r io.Reader) (string
 	return strings.TrimSuffix(string(utf16.Decode(data)), "\x00"), nil
 }
 
-func (w *WinEvents) readELAMAggregation(rdr *bytes.Reader, header microsoftEventHeader) error {
+func (w *WinEvents) readELAMAggregation(rdr io.Reader, header microsoftEventHeader) error {
 	var (
 		r          = &io.LimitedReader{R: rdr, N: int64(header.Size)}
 		driverName string
@@ -698,6 +698,11 @@ func (w *WinEvents) readELAMAggregation(rdr *bytes.Reader, header microsoftEvent
 
 		var err error
 		switch h.Type {
+		case elamAggregation:
+			w.readELAMAggregation(r, h)
+			if r.N == 0 {
+				return nil
+			}
 		case elamKeyname:
 			if driverName != "" {
 				return errors.New("duplicate driver name in ELAM aggregation event")