THREATOPS
THREAT OPSCVEs › CVE-2024-21338

CVE-2024-21338 — Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

CISA KEVExploited: confirmedMicrosoft

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Vulnerability details