Saturday, December 21, 2024
HomeCVE/vulnerabilityLazarus Hacker Group Exploited Microsoft Windows Zero-day

Lazarus Hacker Group Exploited Microsoft Windows Zero-day

Published on

SIEM as a Service

The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys).

This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in early June 2024.

The flaw allowed the group to gain unauthorized access to sensitive system areas, posing a significant threat to users worldwide.

- Advertisement - SIEM as a Service

CVE-2024-38193: A Critical Security Vulnerability

The CVE-2024-38193 vulnerability is classified as an “Elevation of Privilege” flaw. It allowed attackers to bypass normal security restrictions and access sensitive system areas that are typically off-limits to most users and administrators.

This type of attack is sophisticated and resourceful. It is estimated to be worth several hundred thousand dollars on the black market.

The vulnerability was exploited using a specialized malware known as “Fudmodule,” which effectively concealed the hackers’ activities from security software.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

The Lazarus group targeted individuals in sensitive fields, such as cryptocurrency engineering and aerospace, aiming to infiltrate their employers’ networks and steal cryptocurrencies to fund their operations.

Microsoft Responds with a Critical Patch

In response to this alarming threat, Microsoft has swiftly issued a patch to address the critical vulnerability.

The company’s proactive efforts were bolstered by the Gen cybersecurity team, which alerted Microsoft to the issue and provided detailed example code that helped pinpoint and resolve the flaw effectively.

This rapid action has safeguarded all vulnerable Windows devices from potential attacks. All Windows users must update their systems promptly and remain vigilant against potential threats for continued protection.

Gen’s commitment to digital freedom extends beyond protecting its customers; it involves safeguarding the entire digital ecosystem.

Through rigorous research and deep visibility into emerging threats, their cybersecurity team was able to uncover this critical vulnerability and bring it to light before it could cause widespread harm.

By sharing this information with Microsoft, Gen has protected millions of Windows users worldwide and reaffirmed its dedication to creating a safer digital future for all.

This effort is a testament to Gen’s mission of empowering and protecting people everywhere, ensuring everyone can navigate the digital world confidently and securely.

The vulnerability is associated with the weakness CWE-416: Use After Free, with a CVSS score of 7.8/7.2, indicating its high severity.

Microsoft, the assigning CNA, has classified the maximum severity of this vulnerability as “Important.”

As the digital landscape continues to evolve, this incident underscores the importance of collaboration between cybersecurity experts and technology companies to protect users from sophisticated cyber threats.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Threat Actors Selling Nunu Stealer On Hacker Forums

A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker...

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could...

Foxit PDF Editor Vulnerabilities Allows Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit...

Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Threat Actors Selling Nunu Stealer On Hacker Forums

A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker...

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could...

Foxit PDF Editor Vulnerabilities Allows Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit...