Lazarus Group exploits AppLocker vulnerability, causing havoc undetected

Microsoft and its services are constantly under security attacks, and the company is collaborating with government agencies to improve their security.

Unfortunately for Microsoft, another zero-day vulnerability has been found and exploited by hackers.

North Korean hackers have found another exploit that can disable security features

As reported by GovInfoSecurity, the Lazarus hacking group from North Korea has managed to find and use a vulnerability in the Windows AppLocker driver.

By using this exploit, they were able to obtain kernel-level access and turn off the security features of a PC to hide their presence.

The hackers have used an unknown vulnerability in the appid.sys, and this driver is in charge of enforcing rules on which applications can run on the PC.

This is a dangerous vulnerability, and even Microsoft stated that exploiting this vulnerability could let a hacker obtain system privileges. After obtaining access, the hackers would deploy their FudModule rootkit.

By using this rootkit, they would disrupt various kernel security mechanisms thus allowing themselves to operate without being detected.

Luckily, Microsoft was quick to fix this, and it has identified this exploit as CVE-2024-21338, so as long as you have the latest security updates installed, you should be safe.