{"api_version":"1","generated_at":"2026-05-13T07:47:42+00:00","cve":"CVE-2024-21338","urls":{"html":"https://cve.report/CVE-2024-21338","api":"https://cve.report/api/cve/CVE-2024-21338.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-21338","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-21338"},"summary":{"title":"Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability","description":"Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.","state":"PUBLISHED","assigner":"","published_at":"2024-03-04","updated_at":"2026-05-08 17:29:15"},"problem_types":[],"metrics":[],"references":[{"url":"https://www.cve.org/CVERecord?id=CVE-2024-21338","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21338","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2024","cve_id":"21338","cve":"CVE-2024-21338","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability","dateAdded":"2024-03-04","shortDescription":"Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2024-03-25","knownRansomwareCampaignUse":"Known","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338","cwes":"CWE-822","catalogVersion":"2026.05.08","updated_at":"2026-05-08 17:29:15"},"epss":{"cve_year":"2024","cve_id":"21338","cve":"CVE-2024-21338","epss":"0.791420000","percentile":"0.990780000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:55"},"legacy_qids":[{"cve":"CVE-2024-21338","qid":"92111","title":"Microsoft Windows Security Update for February 2024"}]},"source_records":{"cve_program":null,"nvd":{"publishedDate":null,"lastModifiedDate":null,"problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":null,"notes":[]}}}