CVE-2024-21433

7.0 HIGH

📋 TL;DR

This vulnerability allows attackers to elevate privileges on Windows systems by exploiting the Print Spooler service. Attackers could gain SYSTEM-level access on affected Windows versions. This affects Windows systems with Print Spooler enabled.

💻 Affected Systems

Products:
  • Windows
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Print Spooler service to be running. Print Spooler is enabled by default on most Windows installations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full SYSTEM-level compromise allowing complete control over the system, installation of malware, credential theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation from standard user to SYSTEM privileges, enabling persistence, credential dumping, and further exploitation.

🟢 If Mitigated

Limited impact with proper network segmentation, least privilege enforcement, and Print Spooler disabled on non-essential systems.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the system. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2024 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433

Restart Required: Yes

Instructions:

1. Apply March 2024 Windows security updates via Windows Update.
2. For enterprise environments, deploy updates through WSUS or SCCM.
3. Restart affected systems after patch installation.

🔧 Temporary Workarounds

Disable Print Spooler Service

windows

Disables the vulnerable Print Spooler service to prevent exploitation

sc.exe stop spooler
sc.exe config spooler start= disabled

Restrict Print Spooler via Group Policy

windows

Configure Group Policy to restrict Print Spooler service on non-essential systems

🧯 If You Can't Patch

  • Disable Print Spooler service on all non-essential systems
  • Implement network segmentation to isolate systems requiring Print Spooler functionality

🔍 How to Verify

Check if Vulnerable:

Check if Print Spooler service is running and system has not applied March 2024 security updates

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify March 2024 security updates are installed and Print Spooler service version is updated
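
The two conditions above can be checked together on a host. The following PowerShell is an added example, not taken from the vendor advisory: it reports the Print Spooler service state and whether any update was installed on or after an assumed cutoff date. The function name Get-SpoolerExposure and the cutoff of 12 March 2024 (that month's Patch Tuesday) are assumptions, since the page lists no KB numbers.

```powershell
# Added example: triage a host for the two conditions under "Check if Vulnerable".
# Assumption: $PatchCutoff stands in for "March 2024 security updates";
# the page gives no KB identifiers to match against.
$PatchCutoff = [datetime]'2024-03-12'

function Get-SpoolerExposure {
    [CmdletBinding()]
    param([datetime]$Cutoff = $PatchCutoff)

    # Service state (Running/Stopped) and configured start mode (Auto/Manual/Disabled).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Updates installed on or after the cutoff. InstalledOn can be empty for
    # some entries, so those are skipped rather than counted as a match.
    $recent = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Cutoff } |
        Sort-Object InstalledOn -Descending)

    # The spooler counts as active if it is running now or can still be started.
    $spoolerActive = $svc -and ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled')
    $patchEvidence = $recent.Count -gt 0

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        SpoolerState   = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStart   = if ($svc) { $svc.StartMode } else { 'n/a' }
        LatestUpdate   = if ($patchEvidence) { $recent[0].HotFixID } else { $null }
        LatestUpdateOn = if ($patchEvidence) { $recent[0].InstalledOn } else { $null }
        NeedsAttention = [bool]($spoolerActive -and -not $patchEvidence)
    }
}

Get-SpoolerExposure | Format-List
```

InstalledOn is the installation date, not the release date, so a NeedsAttention value of False is only evidence of recent patching; confirm the reported update against the vendor advisory before closing the finding.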

📡 Detection & Monitoring

Log Indicators:

  • Event ID 7036 for Print Spooler service restarts
  • Unusual Print Spooler service activity
  • Failed Print Spooler service operations

Network Indicators:

  • Unusual RPC traffic to Print Spooler service
  • SMB traffic to print shares

SIEM Query:

EventID=7036 AND ServiceName="Spooler" | stats count by host
