Windows Kernel bug fixed last month exploited as zero-day since August
March 2024
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.
Sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day.
The vulnerability impacts systems running multiple versions of Windows 10 and Windows 11, as well as Windows Server 2019 and 2022.
Avast told BleepingComputer that the North Korean Lazarus state hackers have been exploiting the flaw in attacks as a zero-day since at least August 2023 to gain kernel-level access and turn off security tools, allowing them to avoid using easier-to-detect BYOVD techniques.
"From the attacker's perspective, crossing from admin to kernel opens a whole new realm of possibilities. With kernel-level access, an attacker might disrupt security software, conceal indicators of infection, disable kernel-mode telemetry, turn off mitigations, and more," Avast explained.
Lazarus exploited the flaw to establish a kernel read/write primitive, enabling an updated FudModule rootkit version to perform direct kernel object manipulation.