⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-03-25.

CVE-2024-21338 — Untrusted Pointer Dereference in Microsoft Windows 10 Version 1809

CWE-822 — Untrusted Pointer Dereference32 documents16 sources

Severity

7.8HIGHNVD

EPSS

79.1%

top 0.93%

CISA KEV

KEVRansomware

Added 2024-03-04

Due 2024-03-25

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 Microsoft Windows 10 Version 22h2 +13 more

Timeline

PublishedFeb 13

KEV addedMar 4

KEV dueMar 25

Latest updateApr 22

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Kernel Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

▶NVDmicrosoft/windows< 10.0.17763.5458+2

▶NVDmicrosoft/windows_10_1809< 10.0.17763.5458

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.4046

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.4046

▶NVDmicrosoft/windows_11_21h2< 10.0.22000.2777

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

CVEList

Windows Kernel Elevation of Privilege Vulnerability↗2024-02-13

▶

GHSA

GHSA-jqrq-gqwg-r8r5: Windows Kernel Elevation of Privilege Vulnerability↗2024-02-13

▶

VulnCheck

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability↗2024

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 11 - Kernel Privilege Escalation↗2025-04-22

▶

Exploit-DB

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation↗2024-04-02

▶

📋Vendor Advisories

CISA

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability↗2024-03-04

▶

Microsoft

Windows Kernel Elevation of Privilege Vulnerability↗2024-02-13

▶

🕵️Threat Intelligence

Greynoiseio

GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs↗2025-02-26

▶

Qualys

Defense Lessons From the Black Basta Ransomware Playbook↗2025-02-25

▶

Qualys

Defense Lessons From the Black Basta Ransomware Playbook | Qualys↗2025-02-25

▶

Tenable

Microsoft Patch Tuesday 2024 Year in Review↗2024-12-10

▶

Securelist

Review of supply chain attacks in 2024 and potential disruption scenarios for 2025↗2024-12-09

▶