Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft patches Windows security flaw exploited by North Korean hackers — but is it too late?

An image of network security icons for a network encircling a digital blue earth.

As part of its latest Patch Tuesday cumulative update, Microsoft fixed a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. This bug is tracked as CVE-2024-38193, and carries a severity score of 7.8.

Abusing this flaw apparently grants attackers admin privileges on the vulnerable endpoint, with Microsoft noting, "an attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

However, the patch may have come a little too late, since some researchers said hackers were already abusing the bug, while it was a zero-day. In fact, researchers from Gen Digital (owners of Norton, Avira, Avast, and others) claim Lazarus Group, the infamous North Korean state-sponsored organization, used it to drop a malware rootkit called FudModule.

Lazarus strikes again

"This flaw allowed them to gain unauthorized access to sensitive system areas," Gen Digital said in a report. "The vulnerability allowed attackers to bypass normal security restrictions and access sensitive system areas that most users and administrators can't reach."

“This type of attack is both sophisticated and resourceful, potentially costing several hundred thousand dollars on the black market. This is concerning because it targets individuals in sensitive fields, such as those working in cryptocurrency engineering or aerospace to get access to their employer’s networks and steal crypto currencies to fund attackers’ operations,” the researchers concluded.

Lazarus is a known threat actor, responsible for some of the most devastating cyberattacks in recent history. It is most famous for its fake job campaigns, in which it creates fake LinkedIn profiles (or impersonates known figures) and then approaches software developers with offers of great jobs with amazing salaries.

One such attack, carried out against a blockchain developer, resulted in the theft of roughly $600 million from a cryptocurrency project. Some researchers claim North Korea is using the money to fund its state apparatus, as well as its weapons program.

Via The Hacker News

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.