HomeWinBuzzer NewsMicrosoft Finally Patches Windows Rootkit Vulnerability Exploited by North Korean Lazarus Group...

Microsoft Finally Patches Windows Rootkit Vulnerability Exploited by North Korean Lazarus Group Hackers

A critical Windows flaw allowed Lazarus hackers to install a rootkit. Avast reported it in August 2023 but Microsoft took 6 months to patch


experts have discovered a significant rootkit vulnerability within Windows, which North Korean , known as the Lazarus Group, had been exploiting. security researchers identified the exploit in Windows' AppLocker component, through which an attacker could manipulate the input/output control dispatcher of the appid.sys driver from userspace, achieving unauthorized kernel access. This flaw provided the Lazarus Group an ideal scenario for kernel manipulation by enabling arbitrary kernel function calls. Using this exploit, the group successfully installed the FudModule rootkit, gaining extensive control over affected systems.

Microsoft's Response and Patching Delay

Avast notified about this critical exploit in August of the previous year. However, Microsoft initially categorized admin-to-kernel exploits as matters of discretionary patching due to its policy that views administrative processes as part of the Trusted Computing Base for Windows, thus implying a lower isolation from the kernel boundary. As a result, Microsoft took six months to address this issue, releasing a fix in February's Patch Tuesday under the identifier CVE-2024-21338, which it rated with a CVSS score of 8/10. Avast criticized Microsoft for not acknowledging the active exploitation of this vulnerability upon the release of the patch. Only after Avast made its findings public did Microsoft amend its patch bulletin to reflect the situation accurately.

Broader Cybersecurity Concerns

This incident highlights broader cybersecurity issues, including critical vulnerabilities recently discovered in 's iOS and , urging users to update their devices promptly. Other notable vulnerabilities include access control flaws in Linear eMerge E3 series and inadequate user input validation in Cisco Secure Client, underlining the pervasive challenges in cybersecurity across various platforms and devices. Additionally, efforts to bolster cloud security are underway, with the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency releasing tips for mitigating risks in cloud configurations.

Moreover, initiatives to enhance the cybersecurity workforce are gaining traction. For instance, a new pilot program targeted at Jordanian women aims to increase their participation in the cybersecurity field by offering access to over 100 free security courses and certifications. This move, in partnership with notable organizations such as , represents a significant stride toward creating a more inclusive and diverse cybersecurity workforce globally.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News