SB2021030921 - Multiple vulnerabilities in Microsoft Windows Print Spooler

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-26878)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.

2) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-1640)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the Print Spooler service. A local user can create a directory junction and force the Print Spooler service to delete arbitrary files on the system. Successful exploitation of the vulnerability may result in denial of service.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26878
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640
• https://www.zerodayinitiative.com/advisories/ZDI-21-493/