CVE-2024-21338
Windows Kernel Stream vulnerability. It was used by the Lazarus APT group with the FudModule rootkit. It was also seen in environments where stealers such as RedLine and LummaStealer had access.
Vulnerability Profile
CVSS Score: 7.8 / 10.0
Severity: High
Exploitation Status: ⚠ Active Exploitation
Patch Status: ✓ Patch Available
Affected Software: Windows 10/11, Windows Server 2019/2022
Exploitation Method: Kernel LPE
MITRE ATT&CK: T1068 - Exploitation for Privilege Escalation
CVE-2024-21338 Windows appid.sys Kernel LPE. It was used by the Lazarus group with the FudModule v2 rootkit. It was seen in campaigns where stealer malware was used in combination to gain access to target systems.