Lazarus Group exploits AppLocker vulnerability, causing havoc undetected
Microsoft was fast to respond and squash this vulnerability
2 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Microsoft and its services are constantly under security attacks, and the company is collaborating with government agencies to improve their security.
Unfortunately for Microsoft, another zero-day vulnerability has been found and exploited by hackers.
North Korean hackers have found another exploit that can disable security features
As reported by GovInfoSecurity, the Lazarus hacking group from North Korea has managed to find and use a vulnerability in the Windows AppLocker driver.
By using this exploit, they were able to obtain kernel-level access and turn off the security features of a PC to hide their presence.
The hackers have used an unknown vulnerability in the appid.sys, and this driver is in charge of enforcing rules on which applications can run on the PC.
This is a dangerous vulnerability, and even Microsoft stated that exploiting this vulnerability could let a hacker obtain system privileges. After obtaining access, the hackers would deploy their FudModule rootkit.
By using this rootkit, they would disrupt various kernel security mechanisms thus allowing themselves to operate without being detected.
Luckily, Microsoft was quick to fix this, and it has identified this exploit as CVE-2024-21338, so as long as you have the latest security updates installed, you should be safe.
