According to TechRadar, Microsoft has finally addressed a serious security vulnerability that the company reports has been actively exploited for at least the past six months. The vulnerability, tracked as CVE-2024-21338, was first discovered by cybersecurity researchers from Avast about six months ago.
Described as a Windows Kernel system privilege escalation vulnerability, CVE-2024-21338 was discovered in the Windows AppLocker driver appid.sys. It affects multiple versions of both Windows 10 and Windows 11 operating systems. It was also found in Windows Server 2019 and 2022.
Microsoft Patches Serious Windows Vulnerability After 6 Months
Avast researchers notified Microsoft of the vulnerability and said it had been actively exploited as a zero-day for some time. Since then, some of the world's largest and most dangerous cybercriminal organizations, including the Lazarus Group, which is believed to be from North Korea, have been actively exploiting CVE-2024-21338, abusing it to gain kernel-level access to vulnerable devices and disable antivirus programs.
The notorious hacker group is said to have successfully disabled security products such as AhnLab V3 Endpoint Security, Windows Defender, CrowdStrike Falcon, and the HitmanPro anti-malware solution.
As of mid-February 2024, a patch for the vulnerability is available for Windows. Microsoft also updated its advisory last week, confirming that the flaw is being abused in the wild, but did not provide further details about the attacker. The company is advising users to install the February cumulative update to receive the patch.