Lazarus Group exploits AppLocker vulnerability, causing havoc undetected

Microsoft was fast to respond and squash this vulnerability

Published on March 1, 2024


Microsoft and its services are constantly under security attacks, and the company is collaborating with government agencies to improve their security.

Unfortunately for Microsoft, another zero-day vulnerability has been found and exploited by hackers.

North Korean hackers have found another exploit that can disable security features

As reported by GovInfoSecurity, the Lazarus hacking group from North Korea has managed to find and use a vulnerability in the Windows AppLocker driver.

By using this exploit, they were able to obtain kernel-level access and turn off the security features of a PC to hide their presence.

The hackers used a previously unknown vulnerability in appid.sys, the driver in charge of enforcing rules on which applications can run on the PC.

This is a dangerous vulnerability, and even Microsoft stated that exploiting this vulnerability could let a hacker obtain system privileges. After obtaining access, the hackers would deploy their FudModule rootkit.

By using this rootkit, they would disrupt various kernel security mechanisms, thus allowing themselves to operate without being detected.

Luckily, Microsoft was quick to fix this, and it has identified this exploit as CVE-2024-21338, so as long as you have the latest security updates installed, you should be safe.

Milan Stanojevic

Windows Troubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.
