- Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability (CVE-2024-21338) in February, six months after being informed that the flaw was being exploited as a zero-day.
- Avast discovered and reported the actively exploited zero-day vulnerability in the appid.sys Windows AppLocker driver to Microsoft last August.
- The vulnerability impacts various versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022, allowing local attackers to gain SYSTEM privileges without user interaction.
- The North Korean Lazarus state hackers exploited the flaw since at least August 2023 to gain kernel-level access, disable security tools, and manipulate kernel objects using an updated FudModule rootkit.
- Windows users are urged to install the February 2024 Patch Tuesday updates promptly to protect against the CVE-2024-21338 attacks orchestrated by Lazarus.
Related Video
Published on: November 19, 2020
Description: https://www.bleepingcomputer.com/news/security/windows-kernel-zero-day-vulnerability-used-in-targeted-attacks/ Elevation of ...
Windows Kernel Zero-Day Vulnerability Used in Targeted Attacks| AT&T ThreatTraq
Related Wikipedia Articles
Topics: No responseResponse
Response may refer to: Call and response (music), musical structure Reaction (disambiguation) Request–response Output or response, the result of telecommunications input Response (liturgy), a line answering a versicle Response (music) or antiphon, a response to a psalm or other part of a religious service Response, a phase in emergency management...
Read more: Response
