THREAT OPS › CVEs › CVE-2024-21338
CVE-2024-21338 — Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.
Vulnerability details
- Affected productsWindows
- KEV remediation due2024-03-25