Hackers exploited the issue to spread an extremely stealthy rootkit

WTF?

For six months, Microsoft was aware of a zero-day security vulnerability actively exploited by hackers.

The bug, tracked by Microsoft as CVE-2024-21338, is a Windows kernel elevation of privilege vulnerability.

Microsoft left a kernel-level, zero-day bug in Windows for six months before patching it

In theory, malicious users with administrative access could exploit the vulnerability to easily interact with the OS kernel.

The CVE-2024-21338 flaw, however, resides in Windows' native AppLocker service driver (appid.sys).

), and more.

Security experts now hold conflicting stances on Redmond’s behavior with CVE-2024-21338.