Windows Kernel bug fixed last month exploited as zero-day since August
2024-03-02 15:09

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.

The flaw was found in the Windows AppLocker kernel driver (a .sys driver) and reported to Microsoft last August as an actively exploited zero-day.

The vulnerability impacts systems running multiple versions of Windows 10 and Windows 11, as well as Windows Server 2019 and 2022.

Avast told BleepingComputer that the North Korean state-sponsored Lazarus group has been exploiting the flaw in attacks as a zero-day since at least August 2023 to gain kernel-level access and turn off security tools, allowing them to avoid the easier-to-detect Bring Your Own Vulnerable Driver (BYOVD) technique.

"From the attacker's perspective, crossing from admin to kernel opens a whole new realm of possibilities. With kernel-level access, an attacker might disrupt security software, conceal indicators of infection, disable kernel-mode telemetry, turn off mitigations, and more," Avast explained.

Lazarus exploited the flaw to establish a kernel read/write primitive, enabling an updated FudModule rootkit version to perform direct kernel object manipulation.
News URL

https://www.bleepingcomputer.com/news/security/windows-kernel-bug-fixed-last-month-exploited-as-zero-day-since-august/

Related vendor

VENDOR   LAST 12M #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Kernel   4                     2     8        5      0          15