Microsoft has finally addressed a high-severity vulnerability that it reportedly knew was being exploited for at least half a year.
The flaw, tracked as CVE-2024-21338, was first discovered by cybersecurity researchers from Avast roughly six months ago.
Described as a Windows Kernel privilege escalation vulnerability, the flaw was discovered in the appid.sys Windows AppLocker driver.
It affected multiple versions of both Windows 10 and Windows 11 operating systems.
It was also found in Windows Server 2019 and 2022.
Now, as of mid-February 2024, a patch for the flaw is available.
Microsoft also updated its advisory about the vulnerability last week, confirming that the flaw was being abused in the wild.
No details about the attackers were shared, though.
“To exploit this vulnerability, an attacker would first have to log on to the system.
Users should install the February Patch Update cumulative update, Microsoft advised.
Via BleepingComputer