7.8
CVE-2024-21338
- EPSS 78.05%
- Published 13.02.2024 18:15:49
- Last modified 28.04.2025 20:47:49
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Windows Kernel Elevation of Privilege Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.5458
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.4046
Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.4046
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.2777
Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.3155
Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.3155
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.5458
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2322
Microsoft ≫ Windows Server 2022 23h2 Version <= 10.0.25398.709
04.03.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
VulnerabilityMicrosoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.
DescriptionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 78.05% | 0.99 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-822 Untrusted Pointer Dereference
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.