March 2, 2024 at 10:58AM
Microsoft recently patched a high-severity Windows Kernel vulnerability, CVE-2024-21338, which was actively exploited for six months after it was reported. The flaw allowed attackers to gain SYSTEM privileges without user interaction. Avast discovered that North Korean Lazarus hackers used the vulnerability to gain kernel-level access and evade security tools. Windows users are urged to install the February 2024 Patch Tuesday updates to protect against these attacks.
Key meeting notes:
– Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability, CVE-2024-21338, in February 2024, six months after being informed that the flaw was being exploited as a zero-day.
– The vulnerability impacts multiple versions of Windows 10 and 11, as well as Windows Server 2019 and 2022.
– Successful exploitation enables local attackers to gain SYSTEM privileges in low-complexity attacks that don’t require user interaction.
– Avast discovered that North Korean Lazarus state hackers have been exploiting the flaw since at least August 2023 to gain kernel-level access and turn off security tools.
– Lazarus exploited the flaw to establish a kernel read/write primitive and release an updated FudModule rootkit version with significant stealth and functionality improvements.
Key Action Item:
– Windows users are advised to install the February 2024 Patch Tuesday updates to block Lazarus’ CVE-2024-21338 attacks as soon as possible.