Microsoft Patches Windows Zero-Day Exploited by Hackers Since August 2023

Microsoft has fixed a high-severity vulnerability in Windows six months after being warned about the zero-day exploitation. Learn more about the critical Windows flaw and its implications in cyber security.

March 5, 2024

  • Microsoft left a zero-day vulnerability in Windows unpatched for approximately six months, allowing for exploitation by North Korean hackers.
  • The bug was leveraged to install rootkits, letting malware that was already running with administrative privileges interact directly with the Windows kernel.

Microsoft has patched a high-severity vulnerability that has reportedly been exploited for at least six months. The flaw, CVE-2024-21338, was found and reported by cybersecurity researchers from Avast in August 2023. The bug allowed privilege escalation in the Windows kernel and was located in appid.sys, the driver behind Windows AppLocker, affecting both Windows 10 and 11 and Windows Server 2019 and 2022.

The vulnerability was found to be actively exploited by hackers backed by the North Korean government to install rootkits on target computers. The flaw also allowed bad actors to set up malware with administrative privileges for interactions with the Windows kernel. Hackers have been able to exploit vulnerabilities such as these by leveraging third-party drivers that already have access to the kernel.


The delay in patching the Windows flaw has been largely attributed to Microsoft’s security servicing policies, which do not treat the administrator-to-kernel transition as a security boundary. This lets the company patch such bugs at its own discretion. The Avast report, however, found that the policy worked in favour of attackers using custom rootkits that piggyback on approved third-party drivers.
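The two preceding paragraphs describe the attacker's pattern (abusing a signed third-party driver that already has kernel access) and the component at issue (appid.sys). A defender's first step against both is an inventory: which kernel drivers are actually loaded, who signed them, and which build of appid.sys is installed. The script below is an added example written for this page, not code from the article, Avast or Microsoft. It assumes an elevated PowerShell session on Windows 10/11 or Windows Server and uses only built-in cmdlets (Get-CimInstance, Get-AuthenticodeSignature). It reports the appid.sys version rather than asserting a fixed one, because the patched build number is not given on this page and should be taken from Microsoft's advisory for CVE-2024-21338.

```powershell
# Added example (not from the article or from Avast/Microsoft): inventory the
# kernel drivers currently loaded, flag those not signed by Microsoft, and report
# the file version of appid.sys for comparison against Microsoft's advisory.
# Assumption: run in an elevated PowerShell session on Windows 10/11 or Server.

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports kernel-style paths (\??\..., \SystemRoot\...,
    # System32\...); map them to ordinary Win32 paths so the file can be opened.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-LoadedDriverReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path   = Resolve-DriverPath $_.PathName
            $signer = 'unknown'
            $status = 'unknown'
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Name       = $_.Name
                Path       = $path
                SigStatus  = $status
                Signer     = $signer
                # Drivers whose signer is not Microsoft are the ones a rootkit that
                # "piggybacks on approved third-party drivers" would rely on; review
                # each for a legitimate business purpose and a current vendor version.
                ThirdParty = ($signer -notmatch 'O=Microsoft Corporation')
            }
        }
}

$report = Get-LoadedDriverReport
$report | Where-Object ThirdParty | Sort-Object Name |
    Format-Table Name, SigStatus, Signer -AutoSize

# appid.sys is the AppLocker driver named in the article. Print its version so it
# can be checked against the fixed build listed in Microsoft's advisory for
# CVE-2024-21338 (that number is deliberately not hard-coded here).
$appid = Join-Path $env:SystemRoot 'System32\drivers\appid.sys'
if (Test-Path -LiteralPath $appid) {
    (Get-Item -LiteralPath $appid).VersionInfo |
        Select-Object FileName, FileVersion, ProductVersion
}
```

A signer of 'unknown' does not by itself mean a driver is unsigned: inbox Windows drivers are often catalog-signed, and on some builds Get-AuthenticodeSignature reports them without an embedded certificate. Treat the third-party list as a review queue, not a verdict, and keep the output from several hosts so a newly appearing driver name stands out.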

Microsoft finally patched the flaw in February 2024, even though Avast researchers had supplied a description and proof-of-concept code months earlier. The incident again brings Microsoft’s security policies under scrutiny, coming soon after hacks and exploitation of vulnerabilities in its Azure and Exchange Server platforms.




Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.