Security News > 2024 > February > Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
2024-02-29 11:19
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part
News URL
https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html
Related news
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21338 | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 0.0 |