Microsoft patches Windows security flaw exploited by North Korean hackers — but is it too late?

Lazarus had already used the flaw to access IT systems

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

As part of its latest Patch Tuesday cumulative update,Microsoftfixed a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. This bug is tracked as CVE-2024-38193, and carries a severity score of 7.8.

Abusing this flaw apparently grants attackers admin privileges on the vulnerable endpoint, with Microsoft noting, “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

However, the patch may have come a little too late, since some researchers said hackers were already abusing the bug, while it was a zero-day. In fact, researchers from Gen Digital (owners ofNorton, Avira, Avast, and others) claim Lazarus Group, the infamous North Korean state-sponsored organization, used it to drop amalwarerootkit called FudModule.

Lazarus strikes again

“This flaw allowed them to gain unauthorized access to sensitive system areas,” Gen Digital said in a report. “The vulnerability allowed attackers to bypass normal security restrictions and access sensitive system areas that most users and administrators can’t reach.”

“This type of attack is both sophisticated and resourceful, potentially costing several hundred thousand dollars on the black market. This is concerning because it targets individuals in sensitive fields, such as those working in cryptocurrency engineering or aerospace to get access to their employer’s networks and steal crypto currencies to fund attackers’ operations,” the researchers concluded.

Lazarus is a known threat actor, responsible for some of the most devastating cyberattacks in recent history. It is most famous for its fake job campaigns, in which it creates fake LinkedIn profiles (or impersonates known figures) and then approaches software developers with offers of great jobs with amazing salaries.

One such attack, carried out against a blockchain developer, resulted in the theft of roughly $600 million from a cryptocurrency project. Some researchers claim North Korea is using the money to fund its state apparatus, as well as its weapons program.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Hacker News

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success