Windows Kernel Elevation of Privilege Vulnerability
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 13 February 2024
Badges
Summary
A vulnerability, CVE-2024-21338, in the Windows Kernel has been exploited by the Lazarus Group, allowing them to enhance their FudModule rootkit. This vulnerability grants attackers unprecedented kernel privileges and has prompted a swift response from Avast and Microsoft. The rootkit's evolution includes innovative methods for manipulating handle table entries, effective against security processes from renowned entities. The flaw was patched by Microsoft during their February Patch Tuesday update. The implications of this exploit highlight the ongoing battle against cyber threats, as the cybersecurity community remains on high alert. The exploitation of this vulnerability poses a significant risk, particularly with regards to ransomware attacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-21338 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.5458
Windows Server 2019 < 10.0.17763.5458
Windows Server 2019 (Server Core installation) < 10.0.17763.5458
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Habr CVE-2024-27198CVE-2024-21338Трендовые уязвимости марта: обновляйтесь и импортозамещайтесь
Хабр, привет! Я Александр Леонов, и мы с командой аналитиков Positive Technologies каждый месяц изучаем информацию о недостатках безопасности из баз, бюллетеней безопасности вендоров, социальных...
5 months ago
Xakep CVE-2024-21338CVE-2024-21378Positive Technologies перечислила трендовые уязвимости прошедшего марта
Эксперты Positive Technologies отнесли к трендовым уязвимостям марта пять проблем, обнаруженных в продуктах Fortinet, JetBrains и Microsoft. К трендовым относятся уязвимости уже использовавшиеся в атаках и те, эксплуатация которых прогнозируется в ближайшее время.
5 months ago
Security Affairs CVE-2024-21338CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
U.S. CISA adds a Microsoft Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog.........
7 months ago
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by Avast Threat Labs
Vulnerability published.
Vulnerability Reserved.