A critical zero-day vulnerability in Windows (CVE-2024-38193) has been linked to the North Korean hacking group Lazarus, known for targeting professionals in the cryptocurrency and aerospace sectors.
The flaw, located in the AFD.sys driver, allowed attackers to gain unauthorized system privileges and evade detection using specialized malware called FudModule.
Microsoft patched the vulnerability this week, and security experts are urging users to install the update immediately to protect against ongoing attacks.
The vulnerability was discovered in June by researchers at Gen Digital, who noted that Lazarus had been actively exploiting it. This zero-day is one of six recently patched by Microsoft that were under active exploitation, highlighting the importance of staying current with security updates.