#MicrosoftWindows

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

by

August 19, 2024 at 03:15AM A critical privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock, tracked as CVE-2024-38193, was exploited by North Korean state-sponsored actor Lazarus Group. The flaw allowed unauthorized access to sensitive system areas and was addressed in Microsoft’s Patch Tuesday update. The attacks also involved the use of … Read more

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

by

December 18, 2023 at 11:39AM Security researcher Ben Barnea revealed two security flaws in Microsoft Windows that were patched in 2023. These flaws, CVE-2023-35384 and CVE-2023-36710, could be exploited by threat actors to achieve remote code execution on Outlook without user interaction. Mitigation recommendations include microsegmentation and addressing NTLM vulnerabilities. For further updates, follow the … Read more