Miguel Afonso Caetano on Nostr:
#CyberSecurity #Microsoft #Windows #Rootkits #NorthKorea: "Hackers backed by the North Korean government gained a major win when Microsoft left a Windows zero-day unpatched for six months after learning it was under active exploitation.
Even after Microsoft patched the vulnerability last month, the company made no mention that the North Korean threat group Lazarus had been using the vulnerability since at least August to install a stealthy rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for malware that had already gained administrative system rights to interact with the Windows kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability."
https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/
Published at 2024-03-05 10:24:41
Event JSON
{
"id": "a4f80bedd146375a43fa45b2537b4e2ab9e5657966e9bbfdfbd19a4fea2f86dc",
"pubkey": "0bb8cfad2c4ef2f694feb68708f67a94d85b29d15080df8174b8485e471b6683",
"created_at": 1709634281,
"kind": 1,
"tags": [
[
"t",
"cybersecurity"
],
[
"t",
"microsoft"
],
[
"t",
"windows"
],
[
"t",
"rootkits"
],
[
"t",
"northkorea"
],
[
"proxy",
"https://tldr.nettime.org/users/remixtures/statuses/112042592273502991",
"activitypub"
]
],
"content": "#CyberSecurity #Microsoft #Windows #Rootkits #NorthKorea: \"Hackers backed by the North Korean government gained a major win when Microsoft left a Windows zero-day unpatched for six months after learning it was under active exploitation.\n\nEven after Microsoft patched the vulnerability last month, the company made no mention that the North Korean threat group Lazarus had been using the vulnerability since at least August to install a stealthy rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for malware that had already gained administrative system rights to interact with the Windows kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability.\"\n\nhttps://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/",
"sig": "0d536612b0adc5d26f33c811e8fececa764f30c366daeb2afc74a1f59d13b7287eeb6936c71bc9ed4bbab13f03b23e6c04d29e99a3c877c9453a17c8d93db9b7"
}