In its recent Patch Tuesday cumulative update, Microsoft addressed a significant privilege escalation vulnerability within the Windows Ancillary Function Driver (AFD.sys) for WinSock. This flaw, designated as CVE-2024-38193, has been assigned a severity score of 7.8, indicating its potential for serious exploitation. If successfully leveraged, this vulnerability could allow attackers to gain administrative privileges on affected systems. Microsoft has cautioned that “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
Lazarus strikes again
Security firms such as Norton, Avira, and Avast have linked this vulnerability to the notorious Lazarus Group, a state-sponsored hacking organization from North Korea. According to Gen Digital, the exploitation of this flaw enabled the group to infiltrate sensitive areas of systems, stating, “This flaw allowed them to gain unauthorized access to sensitive system areas.” The breach effectively bypassed standard security measures, granting access to regions typically restricted to users and administrators alike.
The implications of such an attack are profound, with estimates suggesting that the techniques employed could be valued at several hundred thousand dollars on the black market. This is particularly alarming as the group appears to be targeting individuals in high-stakes fields, including cryptocurrency engineering and aerospace. The goal is to infiltrate their employers’ networks and pilfer cryptocurrencies, which may be used to finance further malicious operations.
Lazarus Group has established a reputation for orchestrating some of the most impactful cyberattacks in recent memory. Among their tactics is the creation of deceptive job offers, often utilizing fake LinkedIn profiles or impersonating well-known figures to lure software developers with enticing job propositions. One notable incident involved a blockchain developer, leading to a staggering theft of approximately 0 million from a cryptocurrency initiative. Analysts suggest that the funds may be funneled into supporting North Korea’s state activities and military programs.
<section class="newsletter-formtop-bar”>
<section class="newsletter-formmain-section” readability=”30″>Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via The Hacker News
<h3 class="article-bodysection” id=”section-more-from-techradar-pro”>More from TechRadar Pro
