Security News Windows Kernel bug fixed last month exploited as zero-day since August


Level 16
Thread author
Top Poster
Aug 10, 2013
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.
Tracked as CVE-2024-21338, the security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day.
The vulnerability impacts systems running multiple versions of Windows 10 and Windows 11 (including the latest releases), as well as Windows Server 2019 and 2022.
Microsoft explains that successful exploitation enables local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction.


About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.