Microsoft Windows Security Update Advisory (CVE-2024-21338)
Malware Analysis, News and Indicators - Latest topics malware.news
Overview
On February 13th, 2024, Microsoft announced a patch for CVE-2024-21338, a Windows Kernel Elevation of Privilege vulnerability. The vulnerability occurs in a certain IOCTL of "appid.sys", the driver for AppLocker, a Windows feature. By exploiting the vulnerability, a threat actor can read and write arbitrary kernel memory, and can then either disable security products or gain SYSTEM privileges. AVAST reported that the Lazarus threat group has recently used the CVE-2024-21338 vulnerability to disable security products. Thus, Windows OS users …