Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group post, augustus 19, 2024augustus 19, 2024 A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in an advisory for the flaw last week. It was addressed by the tech giant as part of its monthly Patch Tuesday update. Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group (thehackernews.com): Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group cybersecurity vulnerability 2024DPRK