Microsoft has finally closed the important Windows security vulnerability!

The Windows vulnerability, tracked as CVE-2024-21338, was first discovered by Avast cybersecurity researchers about six months ago. It allows privilege elevation to the Windows kernel and was found in appid.sys, the Windows AppLocker driver. It is reported to affect multiple versions of Windows 10 and Windows 11, as well as Windows Server 2019 and 2022.

Microsoft fixed the vulnerability with a patch

Last year, Avast researchers notified Microsoft that this vulnerability was being exploited as a zero-day. Since then, some of the world’s largest and most dangerous threat actors, including North Korean groups, have been actively exploiting it.

Lazarus Group, a threat actor with known ties to the North Korean government, exploited this vulnerability to gain kernel-level access to vulnerable devices and disable antivirus programs.

To exploit the zero-day, Lazarus used a new version of FudModule, a custom rootkit first noticed in late 2022. In previous attacks, the rootkit exploited a Dell driver, a technique known as BYOVD (Bring Your Own Vulnerable Driver).

FudModule has since become stealthier and more functional: it offers more ways to avoid detection and more options for disabling endpoint protection solutions.

The group apparently used this to disable products such as AhnLab V3 Endpoint Security, Windows Defender, CrowdStrike Falcon, and the HitmanPro antimalware solution. As of the end of last month, an official patch for this vulnerability is now available. Microsoft released updates that fixed the vulnerability last week. Details about the attackers were not shared.

Microsoft explained the situation as follows: “To exploit this vulnerability, the attacker will first need to log into the system. An attacker could then run a specially crafted application that could exploit a vulnerability that could gain control over an affected system.”

Therefore, do not forget to check and install the update in Windows Update.
