CVSS Score v3.1
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0073
73.2th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-21433 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.0 (High).
Operationally, it ranks in the top 26.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Vulnerability details
Windows Print Spooler Elevation of Privilege Vulnerability
CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
microsoft
windows 10 1507
≤ 10.0.10240.20526
microsoft
windows 10 1607
≤ 10.0.14393.6796
microsoft
windows 10 1809
≤ 10.0.17763.5576
microsoft
windows 10 21h2
≤ 10.0.19044.4170
microsoft
windows 10 22h2
≤ 10.0.19045.4170
microsoft
windows 11 21h2
≤ 10.0.22000.2836
microsoft
windows 11 22h2
≤ 10.0.22621.3296
microsoft
windows 11 23h2
≤ 10.0.22631.3296
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.6796
+3 more product configuration(s) — see NVD for full list
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Timestamps meeting UTC or offset standards help identify TOCTOU issues through precise chronological reconstruction of check/use operations.
References
Patch, Vendor Advisory · secure@microsoft.com
Patch, Vendor Advisory · af854a3a-2127-422b-91ae-364da2661108