Security News > 2024 > August > Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
2024-08-19 07:05
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this
News URL
https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html
Related news
- I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet (source)
- FBI officially fingers North Korea for $1.5B Bybit crypto-burglary (source)
- $1.5B Bybit Hack is Linked to North Korea, FBI Says, in Potentially the Largest Crypto Heist Ever (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38193 | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |