Security News > 2024 > August > Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
2024-08-19 07:05

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this


News URL

https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-38193 Unspecified vulnerability in Microsoft products
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
local
low complexity
microsoft
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 380 51 1402 2879 175 4507