Actively Exploited Windows Kernel Vulnerability Addressed By Microsoft
In February, Microsoft addressed a critical Windows Kernel privilege escalation vulnerability, CVE-2024-21338, six months after it was reported as actively exploited. Discovered by Avast's Jan Vojtěšek, the flaw affects various Windows versions, including the latest releases of Windows 10 and 11, as well as Windows Server 2019 and 2022. Exploitation of the vulnerability grants attackers SYSTEM privileges without user interaction. Microsoft released a patch on February 13 and confirmed exploitation in the wild on February 28 without disclosing further details. Read more...