Security News > 2024 > August > Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
2024-08-19 07:05
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this
News URL
https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html
Related news
- Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days (source)
- Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) (source)
- Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) (source)
- North Korea likely behind takedown of Indian crypto exchange WazirX (source)
- North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS (source)
- US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38193 | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |