CVE-2024-21338
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
CVSS
—
Sin CVSS
EPSS
51.9%
p99
KEV
SÍ
4 mar 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Windows
Vulnerabilidad
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Añadido a KEV
4 mar 2024
Remediar antes de
25 mar 2024
Uso conocido en ransomware
Sí
Descripción resumida
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338