"Long-Term Exploitation: Windows Zero-Day Vulnerabilities by Lazarus Hackers"

Hackers backed by the North Korean government exploited a Windows zero-day vulnerability, CVE-2024-21338, for six months after Microsoft had been informed of it, using it to install a stealthy rootkit on vulnerable computers. The vulnerability gave malware that already held administrative rights an easy and stealthy way to interact with the Windows kernel. Microsoft's delay in patching it was attributed to its policy that admin-to-kernel vulnerabilities do not cross a security boundary. The North Korean threat group Lazarus used the flaw to install a custom rootkit, taking advantage of the stealth and deep access to the Windows kernel it afforded.
- Hackers exploited Windows 0-day for 6 months after Microsoft knew of it (Ars Technica)
- North Korea's Lazarus deploys rootkit via AppLocker zero-day flaw (CSO Online)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (The Hacker News)
- Microsoft Zero-Day Used by Lazarus in Rootkit Attack (Dark Reading)
- Windows Kernel bug fixed last month exploited as zero-day since August (BleepingComputer)