Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21338

7.8HIGH

Key Information

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 13 February 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

What is CVE-2024-21338?

CVE-2024-21338 is a significant security vulnerability affecting the Windows operating system, specifically related to the Windows Kernel. This vulnerability allows attackers to gain elevated privileges, which could enable them to execute arbitrary code with system-level permissions. Such a flaw represents a serious threat to organizations, as it could facilitate unauthorized access to sensitive information, manipulation of system configurations, and deployment of malicious software, undermining the integrity and security of enterprise environments.

Technical Details

The vulnerability arises from improper handling within the Windows Kernel, which is critical for managing system resources and facilitating communication between hardware and software components. This flaw makes it possible for attackers to exploit the kernel's capabilities, potentially allowing a lower privilege user to gain higher-level privileges. The technical mechanisms behind this vulnerability involve the exploitation of certain permissions and access controls that, if bypassed, can lead to malicious activities being conducted with undue authority.

Impact of the Vulnerability

Unauthorized System Access: Attackers can exploit CVE-2024-21338 to elevate their privileges, gaining unauthorized access to critical system components. This could enable them to perform actions without user consent, which can lead to data breaches or the theft of sensitive information.
Malware Deployment: With elevated privileges, an attacker may deploy malware or ransomware within the affected system or network. This not only compromises the system itself but also poses a risk to the integrity of connected systems and data.
System Compromise: The potential for complete system takeover is significant, as elevated privileges allow adversaries to manipulate system processes and configurations, potentially leading to widespread disruptions or damage to operational capabilities within organizations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-21338 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.5458

Windows Server 2019 < 10.0.17763.5458

Windows Server 2019 (Server Core installation) < 10.0.17763.5458

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-21338-x64-build-
Created by Zombie-Kaiser

CVE-2024-21338
Created by varwara

News Articles

Habr

CVE-2024-27198 CVE-2024-21338

Трендовые уязвимости марта: обновляйтесь и импортозамещайтесь

Хабр, привет! Я Александр Леонов, и мы с командой аналитиков Positive Technologies каждый месяц изучаем информацию о недостатках безопасности из баз, бюллетеней безопасности вендоров, социальных...

8 months ago

Xakep

CVE-2024-21338 CVE-2024-21378

Positive Technologies перечислила трендовые уязвимости прошедшего марта

Эксперты Positive Technologies отнесли к трендовым уязвимостям марта пять проблем, обнаруженных в продуктах Fortinet, JetBrains и Microsoft. К трендовым относятся уязвимости уже использовавшиеся в атаках и те, эксплуатация которых прогнозируется в ближайшее время.

8 months ago