Windows AFD for WinSock vulnerability exploited by North Korean Lazarus Group
Take action: North Korean hackers actively using a vulnerability is another great reason to patch your Windows system.
Security researchers have identified that the North Korean hacker group Lazarus is exploiting a vulnerability in the Windows Ancillary Function Driver (AFD.sys) to gain kernel-level access to targeted systems.
The flaw, tracked as CVE-2024-38193, lies in the AFD.sys driver, responsible for handling advanced file operations in Windows, and allows attackers to bypass security restrictions and reach system areas normally off-limits to standard users and administrators. Successful exploitation could give an attacker SYSTEM privileges, leading to complete compromise of the machine.
The vulnerability was patched in the August 2024 Patch Tuesday updates. Users are advised to update their Windows OS as soon as possible.
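For administrators who want to confirm the fix is actually in place rather than assume it, the following PowerShell script is an added example (not part of the original article and not Microsoft's tooling). It reports which of a list of KB identifiers are installed and the file version of the afd.sys driver on disk. The KB IDs and the fixed driver version are placeholders: substitute the values Microsoft publishes for CVE-2024-38193 for your Windows build.

```powershell
# Added example (not from the original article): verify the August 2024 patch
# status of this host and inspect the afd.sys driver version.
# PLACEHOLDER values below must be replaced with the KB IDs / driver version that
# Microsoft lists for CVE-2024-38193 for the Windows build in use.
$RequiredKBs     = @('KB-PLACEHOLDER-1', 'KB-PLACEHOLDER-2')
$FixedAfdVersion = [version]'0.0.0.0'   # PLACEHOLDER: minimum patched afd.sys version

function Get-AfdDriverInfo {
    # Read the version stamped into afd.sys; this is the file on disk, which is the
    # image that will load at next boot (a pending reboot may still be required).
    $path = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'
    $item = Get-Item -LiteralPath $path -ErrorAction Stop
    $vi   = $item.VersionInfo
    [pscustomobject]@{
        Path         = $path
        FileVersion  = [version]("{0}.{1}.{2}.{3}" -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        LastWriteUtc = $item.LastWriteTimeUtc
    }
}

function Test-Cve202438193Patch {
    param(
        [string[]]$KbIds = $RequiredKBs,
        [version]$MinAfdVersion = $FixedAfdVersion
    )
    # Get-HotFix enumerates installed updates via Win32_QuickFixEngineering.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $matched   = @($KbIds | Where-Object { $installed -contains $_ })
    $afd       = Get-AfdDriverInfo

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSBuild          = [System.Environment]::OSVersion.Version.ToString()
        MatchedKBs       = ($matched -join ', ')
        KbInstalled      = ($matched.Count -gt 0)
        AfdFileVersion   = $afd.FileVersion.ToString()
        AfdAtOrAboveFix  = ($afd.FileVersion -ge $MinAfdVersion)
        RebootPending    = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    }
}

# Run the check and print a one-line verdict plus the full detail object.
$result = Test-Cve202438193Patch
if ($result.KbInstalled -and $result.AfdAtOrAboveFix -and -not $result.RebootPending) {
    Write-Host "[OK] $($result.ComputerName): CVE-2024-38193 fix present and active."
} else {
    Write-Warning "$($result.ComputerName): patch for CVE-2024-38193 NOT confirmed. Review details below."
}
$result | Format-List
```

Run it in an elevated PowerShell session (reading afd.sys and the update inventory may require administrator rights). The script checks three things on purpose: the KB inventory can be incomplete on some images, the driver version on disk shows whether the patched binary has actually been written, and the reboot-pending flag catches the common case where the update is installed but the old driver is still the one loaded in the kernel.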
Lazarus, also known as APT38, is an advanced persistent threat (APT) group believed to be backed by the North Korean government. Active since at least 2009, the group has been involved in several high-profile attacks targeting industries such as finance, government, and technology.