CVE-2024-21338

Windows Kernel bug fixed last month exploited as zero-day since August By Sergiu Gatlan March 2, 2024 10:09 AM 0 Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Tracked as CVE-2024-21338, the security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft last August as an actively expl...

Lazarus hackers exploited Windows zero-day to gain Kernel privileges By Bill Toulas February 28, 2024 12:24 PM 1 North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. This activity was detected by Avast analysts, who promptly reported it to Microsoft, leading to a fix for the flaw, no...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Researchers at Avast said they informed Microsoft of a serious admin-to-kernel exploit in a driver associated with AppLocker, the app for whitelisting software built into Windows, in August of last year. The vulnerability, found in the input/output contro...