Heimdal
Microsoft took roughly six months to patch an actively exploited Windows kernel zero-day. Successful exploitation of CVE-2024-21338 gives an attacker SYSTEM privileges on the affected device.

The fix shipped in the February 2024 Patch Tuesday updates. Security researchers urge Windows users to apply them as soon as possible to close off this privilege escalation path.

Windows kernel zero-day risks

CVE-2024-21338 carries a CVSS base score of 7.8 (High). In the FAQ section of its advisory, Microsoft said:

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Source – Microsoft Security Response Center

Kernel-level access lets an attacker:

  • Turn off security software
  • Tamper with security settings
  • Hide Indicators of Compromise (IoCs)
  • Disable kernel-mode telemetry
  • Access hardware and other system resources directly

North Korean threat group Lazarus exploited CVE-2024-21338

Two weeks after Microsoft released the patch for CVE-2024-21338, Avast researchers disclosed that the Lazarus group had been exploiting the flaw in the wild, and Microsoft updated its advisory to mark the vulnerability as exploited.

Lazarus reportedly began exploiting the zero-day in August 2023, using it to deploy an updated version of its FudModule rootkit. The bug sits in appid.sys, the AppLocker driver, and hands the attacker a kernel read/write primitive. With it, FudModule tampers with kernel structures to blind the security tools on the infected system, and no longer needs to bring a vulnerable signed driver of its own, as earlier versions did.

Patch now and stay safe

The first thing to do about this Windows kernel flaw is to patch. Apply the February 2024 Patch Tuesday updates to close CVE-2024-21338 and deny Lazarus kernel privileges on your systems. Patch management software can automate the process, so updates go out across the fleet with a couple of clicks.
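Because Windows cumulative updates supersede each other, checking Get-HotFix for one KB number misses hosts that went straight to a later update. A more reliable test is the OS build number plus its Update Build Revision (UBR): any revision at or above the February 2024 one for that build includes the fix. The PowerShell script below is an added example, not code from the Heimdal article or from Microsoft. It assumes the February 13, 2024 build revisions listed in the table (22621/22631.3155 for Windows 11 22H2/23H2, 19044/19045.4046 for Windows 10 21H2/22H2) as recalled from the release notes; verify them against the MSRC advisory for CVE-2024-21338 and add rows for any other branch you run before relying on the result.

```powershell
# Added example: report whether this host carries the February 2024 cumulative
# update that fixes CVE-2024-21338, or a later one that supersedes it.
#
# ASSUMPTION: the build -> minimum UBR values below are the February 13, 2024
# cumulative update revisions as recalled; confirm them against the MSRC
# advisory and extend the table for other branches (Server 2022, 1809/Server
# 2019, Windows 11 21H2, ...) that you operate.
$Feb2024Ubr = @{
    22631 = 3155   # Windows 11 23H2
    22621 = 3155   # Windows 11 22H2
    19045 = 4046   # Windows 10 22H2
    19044 = 4046   # Windows 10 21H2
}

function Get-Cve202421338PatchState {
    # CurrentBuildNumber and UBR together identify the installed cumulative update.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $required = $Feb2024Ubr[$build]

    $state = if ($null -eq $required)  { 'Unknown (build not in table)' }
             elseif ($ubr -ge $required) { 'Patched' }
             else                        { 'VULNERABLE' }

    # The vulnerable code lives in the AppLocker driver; record the on-disk
    # version so responders can correlate it with what the update replaced.
    $appid = Get-Item "$env:SystemRoot\System32\drivers\appid.sys" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        DisplayVersion = $cv.DisplayVersion
        Build          = "$build.$ubr"
        RequiredUbr    = $required
        State          = $state
        AppIdSysVersion = $appid.VersionInfo.FileVersion
    }
}

Get-Cve202421338PatchState | Format-List
```

Run it locally on a test machine first, then push it to the fleet with Invoke-Command -FilePath against a list of hosts (or through your patch management tool's script feature) and filter on State -ne 'Patched'. Hosts reporting Unknown are the ones whose build you still need to add to the table.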

However, the best approach is a multi-layered security strategy. CVE-2024-21338 is a local privilege escalation: an attacker needs to be running code on the device already, so the patch removes the kernel primitive but does nothing about the initial foothold. So, once you have patched, go back to the basics:


Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
