#VU51304 Time-of-check Time-of-use (TOCTOU) Race Condition in Windows and Windows Server - CVE-2021-1640

 


Published: March 9, 2021 / Updated: April 30, 2021


Vulnerability identifier: #VU51304
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1640
CWE-ID: CWE-367
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Windows, Windows Server
Software vendor: Microsoft

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the Print Spooler service. A local user can create a directory junction and force the Print Spooler service to delete arbitrary files on the system. Successful exploitation of the vulnerability may result in denial of service.


Remediation

Install updates from the vendor's website.

External links