CVE-2024-38041 - Windows AppLocker Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38041 is a information leak vulnerability in the Windows AppID driver (appid.sys). The flaw lies in the handler for IOCTL code 0x22A014, which lacks proper validation of the caller’s access mode. Specifically, the AipDeviceIoControlDispatch function does not verify that the request originates from kernel mode. As a result, a user-mode process running as LOCAL SERVICE can trigger …