[CVSS 7+] Microsoft Zero-Day: Lazarus Exploit Revealed

What Happened

It has been reported that the Lazarus Group exploited a Microsoft vulnerability in the Windows AppLocker driver as a zero-day.

Avast analysts discovered this activity and promptly reported it to Microsoft. In response, Microsoft addressed the flaw, now known as CVE-2024-21338, in its February Patch Tuesday.

However, Microsoft did not initially disclose it as a zero-day exploit. Later, the company acknowledged that the flaw had indeed been exploited.

About CVE-2024-21338

CVE-2024-21338 represents a high-severity vulnerability within the Windows operating system, scoring 7.8 on the CVSS scale. This flaw, tied to the IOCTL dispatcher of the appid.sys driver, could allow attackers to gain elevated privileges.

Such an exploit would enable attackers to achieve higher access levels within the system, potentially leading to unauthorized data access, system control, and disabling of security mechanisms.

About the Exploit

Avast analysts discovered the Lazarus Group exploiting the Microsoft zero-day, CVE-2024-21338.

Initially, the group targeted the IOCTL dispatcher in appid.sys. This enabled them to execute unauthorized code, effectively bypassing security protocols. The group used this to enhance its FudModule rootkit, which now includes techniques for evading detection and disabling key security solutions, including Microsoft Defender and CrowdStrike Falcon.

Consequently, this discovery underscores the urgent need to apply Microsoft’s February 2024 Patch Tuesday updates. For a more in-depth understanding, please refer to Avast’s detailed analysis.

About Lazarus Group

The Lazarus Group, linked to North Korea, has been active since 2009. They engage in cyber espionage, sabotage, and financial theft. Their tactics have evolved, using sophisticated malware and hacking techniques.

Among their numerous operations, two attacks stand out for their audacity and impact:

  • Sony Pictures Hack (2014): In a bold move, they infiltrated Sony Pictures, leaking sensitive data and causing widespread disruption. This attack not only demonstrated their capability to target and damage high-profile organizations but also highlighted their intent to intimidate.
  • Bangladesh Bank Heist (2016): In an audacious act of financial cybercrime, they attempted to steal $1 billion from Bangladesh’s Central Bank and successfully transferred $81 million. This operation showcased their sophisticated approach to financial theft, further emphasizing the diverse nature of their targets and methods.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.
