Windows Kernel bug fixed last month exploited as zero-day since August

Freki123

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.
Tracked as CVE-2024-21338, the security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day.
The vulnerability impacts systems running multiple versions of Windows 10 and Windows 11 (including the latest releases), as well as Windows Server 2019 and 2022.
Microsoft explains that successful exploitation enables local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction.

 
