Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21338
7.8HIGH

Key Information

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
13 February 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

A vulnerability, CVE-2024-21338, in the Windows Kernel has been exploited by the Lazarus Group, allowing them to enhance their FudModule rootkit. This vulnerability grants attackers unprecedented kernel privileges and has prompted a swift response from Avast and Microsoft. The rootkit's evolution includes innovative methods for manipulating handle table entries, effective against security processes from renowned entities. The flaw was patched by Microsoft during their February Patch Tuesday update. The implications of this exploit highlight the ongoing battle against cyber threats, as the cybersecurity community remains on high alert. The exploitation of this vulnerability poses a significant risk, particularly with regards to ransomware attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-21338 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.5458

Windows Server 2019 < 10.0.17763.5458

Windows Server 2019 (Server Core installation) < 10.0.17763.5458

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-21338-x64-build-
Created by Zombie-Kaiser

CVE-2024-21338
Created by varwara

News Articles

favicon imageHabr

Трендовые уязвимости марта: обновляйтесь и импортозамещайтесь

Хабр, привет! Я Александр Леонов, и мы с командой аналитиков Positive Technologies каждый месяц изучаем информацию о недостатках безопасности из баз, бюллетеней безопасности вендоров, социальных...

7 months ago

favicon imageXakep

Positive Technologies перечислила трендовые уязвимости прошедшего марта

Эксперты Positive Technologies отнесли к трендовым уязвимостям марта пять проблем, обнаруженных в продуктах Fortinet, JetBrains и Microsoft. К трендовым относятся уязвимости уже использовавшиеся в атаках и те, эксплуатация которых прогнозируется в ближайшее время.

7 months ago

favicon imageSecurity Affairs

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. CISA adds a Microsoft Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog.........

9 months ago

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by Avast Threat Labs

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed2 Proof of Concept(s)12 News Article(s)
.