Microsoft has finally patched the Windows Kernel’s critical security vulnerability, but not before it was hacked.
According to TechRadar, Microsoft has finally addressed a serious security vulnerability that the company had been reported to be actively exploiting for at least the past half a year. This vulnerability, tracked with the code name CVE-2024-21338, was first discovered by cybersecurity researchers from Avast about 6 months ago.
Described as a Windows Kernel system privilege escalation vulnerability, CVE-2024-21338 has been discovered in the Windows AppLocker driver appid.sys. It affects multiple versions of both Windows 10 and Windows 11 operating systems. It is even found in Windows Server 2019 and 2022
Avast researchers notified Microsoft about this vulnerability and said it was being exploited as a zero-day for a long time. largest and most dangerous cybercriminal organizations Since then, some of the world have actively attacked CVE-2024-21338, including the Lazarus group believed to be from North Korea, which abused the vulnerability itself. this vulnerability is to access the system core of vulnerable devices and disable antivirus programs.
This notorious hacker group is said to have successfully disabled security products such as AhnLab V3 Endpoint Security, Windows Defender, CrowdStrike Falcon, and HitmanPro anti-malware solutions.
Currently, as of mid-February 2024, a patch for the vulnerability is available for Windows. Microsoft also updated its warning about the vulnerability last week, confirming the vulnerability was being abused in the wild, but did not provide further details about the attacker. The company is advising users to install February’s cumulative update to receive the patch
