Attack

Lazarus hacker group exploits Windows component to gain maximum privileges, patch ASAP

Take action: Another motivator to patch your Windows - hackers have weaponized a vulnerability so their malware becomes part of your system and is not detectable for a long time.



Lazarus Group, a hacker gang suspected of being a North Korean cyber operative, uses a vulnerability in the Windows AppLocker driver (`appid.sys`) to achieve kernel-level access and deactivate security tools. The flaw, tracked as CVE-2024-21338, was used to execute code at the kernel level by manipulating the Input/Output Control (IOCTL) dispatcher of the `appid.sys` driver, allowing arbitrary pointers to be invoked and standard security protections to be bypassed.

Lazarus Group incorporated this exploit into an upgraded version of their FudModule rootkit. The updated FudModule rootkit has enhanced stealth capabilities and functionality, such as new evasion techniques and the disabling of security protections including Microsoft Defender and CrowdStrike Falcon. This allows the hackers to conduct more covert operations and maintain persistence on infiltrated systems for extended periods.

Microsoft addressed this vulnerability during its February 2024 Patch Tuesday updates, among 73 other flaws, underscoring the critical importance of applying these security updates promptly to protect against such sophisticated threats.
