Security News > 2024 > August > Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
2024-08-19 07:05
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this
News URL
https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- North Korea's fake IT worker scam hauled in at least $88M over six years (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- US govt says North Korea stole over $659 million in crypto last year (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Crypto klepto North Korea stole $659M over just 5 heists last year (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38193 | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |