Security News > 2024 > August > 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
2024-08-20 12:59
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Gen Digital researchers Luigino Camastra and Milanek discovered in early June 2024 that the Lazarus APT group was exploiting the flaw to achieve SYSTEM privilege, so they can “bypass … More → The post 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) appeared first on Help Net Security.
News URL
Related news
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38193 | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |