Microsoft recently patched a zero-day Windows vulnerability that was being actively exploited by the infamous North Korean hacking group Lazarus.
The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), was patched as part of the company’s August 2024 Patch Tuesday updates.
The flaw is a privilege escalation bug in the Windows Ancillary Function Driver for WinSock (AFD.sys), which could allow attackers to gain SYSTEM-level privileges on targeted machines and make significant changes to them.
Luigino Camastra and Milánek, researchers from Gen Digital, a cybersecurity firm, were credited for discovering and reporting the vulnerability.
The researchers uncovered the exploit in early June 2024 and found that the Lazarus group was exploiting a previously undisclosed flaw in a crucial part of Windows, the AFD.sys driver.
The state-sponsored actor used a piece of malware called FudModule to hide its activity, which made the intrusion difficult for traditional security software to detect.
This allowed the threat actors to bypass normal security restrictions and reach sensitive areas of the system that most users and administrators cannot access.
“This type of attack is both sophisticated and resourceful, potentially costing several hundred thousand dollars on the black market. This is concerning because it targets individuals in sensitive fields, such as those working in cryptocurrency engineering or aerospace to get access to their employer’s networks and steal cryptocurrencies to fund attackers’ operations,” the cybersecurity company disclosed in a blog post last week.
While it’s unknown how Lazarus learned about the vulnerability in Windows, the good news is that Microsoft has now issued a crucial patch for this flaw.
Users are advised to install the fix as soon as possible and keep their systems updated to protect them against future threats.
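As an added example (not from the article, Microsoft or Gen Digital), the following PowerShell script lets an administrator verify on a Windows host that the August 2024 fix is in place, by checking the installed file version of AFD.sys and whether the corresponding cumulative update is listed. The KB identifier and the minimum patched driver version are placeholders to be filled in from the Microsoft advisory for CVE-2024-38193 for the specific Windows build.

```powershell
# Added example: verify the AFD.sys fix for CVE-2024-38193 on this host.
# Both parameters are placeholders; take the real values from the Microsoft
# advisory / update catalog entry for the Windows build you are checking.
param(
    [string]$RequiredKB = 'KB<PLACEHOLDER>',   # placeholder: August 2024 cumulative update id
    [version]$MinimumAfdVersion = '10.0.0.0'   # placeholder: patched afd.sys file version
)

# AFD.sys ships in the drivers directory of every Windows install.
$afdPath = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'
if (-not (Test-Path $afdPath)) {
    throw "afd.sys not found at $afdPath"
}

# Build a [version] from the numeric parts rather than parsing the FileVersion
# string, which on some builds carries extra text after the numbers.
$vi = (Get-Item $afdPath).VersionInfo
$installedVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)

# Get-HotFix reads Win32_QuickFixEngineering; cumulative updates normally appear
# there, but a missing entry alone is not proof the fix is absent, so the driver
# version check above is the authoritative signal.
$hotfix = Get-HotFix -Id $RequiredKB -ErrorAction SilentlyContinue

$result = [pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    AfdPath           = $afdPath
    InstalledVersion  = $installedVersion
    MinimumVersion    = $MinimumAfdVersion
    DriverPatched     = ($installedVersion -ge $MinimumAfdVersion)
    UpdateListed      = [bool]$hotfix
    UpdateInstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
}

$result | Format-List

# Non-zero exit code makes the script usable from a fleet-wide job or scheduler.
if (-not $result.DriverPatched) {
    Write-Warning "afd.sys $installedVersion is below the patched version $MinimumAfdVersion"
    exit 1
}
exit 0
```

Run it with the real values, for example `.\Check-Afd.ps1 -RequiredKB KB5041585 -MinimumAfdVersion 10.0.19041.4717` (those two values are illustrative and must be confirmed against the advisory for your build).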