Security News > 2024 > February > Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
2024-02-29 11:19
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part
News URL
https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21338 | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 0.0 |