CVE-2024-21338

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 10 articles Published: 2024-02-13

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

79.57%

probability

This CVE has a 79.57% probability of being exploited in the next 30 days.

0% Top 99.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Functional

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

NVD

Windows Kernel Elevation of Privilege Vulnerability

Affected Products

Microsoft

Windows 10 Version 1809

10.0.17763.0

Microsoft

Windows 10 Version 1809

10.0.0

Microsoft

Windows Server 2019

10.0.17763.0

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0

Microsoft

Windows Server 2022

10.0.20348.0

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-822 · Untrusted Pointer Dereference

Google Project Zero

Patched

Feb. 13, 2024

Reported by

Jan Vojtěšek with Avast

Exploits & PoC

hakaioffsec/CVE-2024-21338

Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.

318

Crowdfense/CVE-2024-21338

Windows AppLocker Driver (appid.sys) LPE

tykawaii98/CVE-2024-21338_PoC

PoC CVE-2024-21338 — tykawaii98/CVE-2024-21338_PoC

wusijie/CVE-2024-21338-1

PoC for the Untrusted Pointer Dereference in the appid.sys driver

hackyboiz/kcfg-bypass

kcfg bypass example - CVE-2024-21338

5 repos — triés par ⭐ Rechercher sur GitHub ↗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338

vendor-advisory

Signal Intelligence

Confidenceⓘ

92%

EPSS 79.57%

CVSS v3.1 7.8

Mentions 10

Last Seen Feb 25, 2025

CNA Information

CNA Assigner

microsoft

CNA Title

Windows Kernel Elevation of Privilege Vulnerability

Analyst Note

This CVE demonstrates strong confirmation signals: it affects a critical Windows kernel component with HIGH CVSS (7.8), has been actively exploited in the wild by Lazarus threat actors, and was formally patched by Microsoft in February 2024. The presence of multiple credible reporting sources corroborating active exploitation and the kernel privilege escalation impact provide substantial evidence for the confirmed status.