Microsoft finally patches serious Windows kernel security flaw - but not before it was attacked

News
By published

Six months after being notified, Microsoft makes its move

An abstract image of a lock against a digital background, denoting cybersecurity.
(Image Credit: TheDigitalArtist / Pixabay) (Image credit: Pixabay)

Microsoft has finally addressed a high-severity vulnerability that it reportedly knew was being exploited for at least half a year.

The flaw, tracked as CVE-2024-21338, was first discovered by cybersecurity researchers from Avast roughly six months ago. 

Described as a Windows Kernel privilege escalation vulnerability, the flaw was discovered in the appid.sys Windows AppLocker driver. It affected multiple versions of both Windows 10 and Windows 11 operating systems. It was also found in Windows Server 2019 and 2022.

Patch Tuesday to the rescue

Last year, Avast’s researchers notified Microsoft about the flaw, saying it was being used as a zero-day vulnerability. Since then, some of the world’s biggest and most dangerous threat actors have been actively using the flaw, including the North Koreans. 

We recently reported on Lazarus Group, a threat actor known to have ties with the North Korean government, abusing this same flaw to gain kernel-level access to vulnerable devices and disable antivirus programs. 

To exploit the zero-day, Lazarus used a new version of FudModule, its proprietary rootkit which was first spotted in late 2022. In previous attacks, the rootkit abused a Dell driver, in what’s known as Bring Your Own Vulnerable Driver (BYOVD) attack. Now, FudModule is stealthier and more functional, offering more ways to avoid being detected and turn off endpoint protection solutions.

Apparently, the group used it to disable products such as AhnLab V3 Endpoint Security, Windows Defender, CrowdStrike Falcon, and the HitmanPro anti-malware solution.

Now, as of mid-February 2024, a patch for the flaw is available. Microsoft also updated its advisory about the vulnerability last week, confirming the flaw being abused in the wild. No details about the attackers were shared, though. "To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system," Microsoft explained.

Users should install the February Patch Update cumulative update, Microsoft advised.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
malware
US government warns federal agencies to patch dangerous Windows kernel bug
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
More about security
A hand holding an iPhone with the iCloud logo on screen.

"I have nothing to hide" - our readers react to Apple getting secret hearing in appeal against UK government
Best email services: image of email with one unread message alert

Over 400 million unwanted and malicious emails were received by businesses in 2024
Cuktech 15 Ultra leaning on plinth on table with pink background

I like the fast charging and detailed display of the Cuktech 15 Ultra, but it doesn’t have quite enough capacity to last
See more latest
Most Popular
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Gachapon Capsure Station
Somewhere in Japan is a dispenser where you can buy toy rack servers complete with cute Dell PowerEdge 2U servers
An angry Mark Grayson flying towards the camera in Invincible season 3 episode 7
Invincible season 4: everything we know so far about the hit Prime Video show's next chapter
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
A hand holding an iPhone with the iCloud logo on screen.
"I have nothing to hide" - our readers react to Apple getting secret hearing in appeal against UK government
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024