Microsoft patches Windows security flaw exploited by North Korean hackers — but is it too late?

News
By published

Lazarus had already used the flaw to access IT systems

An image of network security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock) (Image credit: Shutterstock)

As part of its latest Patch Tuesday cumulative update, Microsoft fixed a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. This bug is tracked as CVE-2024-38193, and carries a severity score of 7.8.

Abusing this flaw apparently grants attackers admin privileges on the vulnerable endpoint, with Microsoft noting, "an attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

However, the patch may have come a little too late, since some researchers said hackers were already abusing the bug, while it was a zero-day. In fact, researchers from Gen Digital (owners of Norton, Avira, Avast, and others) claim Lazarus Group, the infamous North Korean state-sponsored organization, used it to drop a malware rootkit called FudModule.

Lazarus strikes again

"This flaw allowed them to gain unauthorized access to sensitive system areas," Gen Digital said in a report. "The vulnerability allowed attackers to bypass normal security restrictions and access sensitive system areas that most users and administrators can't reach."

“This type of attack is both sophisticated and resourceful, potentially costing several hundred thousand dollars on the black market. This is concerning because it targets individuals in sensitive fields, such as those working in cryptocurrency engineering or aerospace to get access to their employer’s networks and steal crypto currencies to fund attackers’ operations,” the researchers concluded.

Lazarus is a known threat actor, responsible for some of the most devastating cyberattacks in recent history. It is most famous for its fake job campaigns, in which it creates fake LinkedIn profiles (or impersonates known figures) and then approaches software developers with offers of great jobs with amazing salaries.

One such attack, carried out against a blockchain developer, resulted in the theft of roughly $600 million from a cryptocurrency project. Some researchers claim North Korea is using the money to fund its state apparatus, as well as its weapons program.

Via The Hacker News

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
An Apple Music pink/pixellated poster advertising DJ with Apple Music
DJ with Apple Music lands, allowing subscribers to build and mix DJ sets directly from its +100 million-song catalog
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Mobile phone with logo of video game distribution platform Steam operated by Valve on screen in front of web page

How to gift a game on Steam
See more latest
Most Popular
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar is a new microphone with the world's first Bluetooth audio gateway in a wired gaming mic
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
Data leak
A major Keenetic router data leak could put a million households at risk
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 26 (game #1157)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 26 (game #388)