PT-2024-1704 · Microsoft · Appid.Sys+8

Jan Vojtěšek · Published 2024-02-13 · Updated 2026-05-03 · CVE-2024-21338

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the February 2024 Patch Tuesday update:
Windows 10 version 10.0.17763.5458 and earlier
Windows 11, Windows Server 2022 and Windows Server 2019 (affected versions not specified)

Description

An elevation of privilege vulnerability in the Windows Kernel, caused by insufficient access control on IOCTL commands handled by the appid.sys Windows AppLocker driver. A local attacker can use it to escalate privileges. The vulnerability was exploited in the wild as a zero-day by the Lazarus Group, enabling the bypass of security controls such as Windows Defender.

Recommendations

Apply the February 2024 Patch Tuesday updates, which fix the vulnerability in Microsoft Windows AppLocker:
Update Windows 10 to version 10.0.17763.5459 or later.
Update Windows 11, Windows Server 2022 and Windows Server 2019 to the latest version.
As a temporary workaround, consider disabling the appid.sys driver until a patch is available.
Restrict access to the appid.sys driver to minimize the risk of exploitation.

Exploit

Fix

LPE

Weakness Enumeration

Untrusted Pointer Dereference
Improper Privilege Management

Related Identifiers

BDU:2024-01398
CVE-2024-21338

Affected Products

Windows
Windows 10
Windows 11
Windows Applocker
Windows Defender
Windows Kernel
Windows Server 2019
Windows Server 2022
Appid.Sys