PT-2024-5585 · Microsoft · Windows

Luigino Camastra (+1) · Published 2024-08-13 · Updated 2025-10-19 · CVE-2024-38193

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the August 2024 update:
- Microsoft Windows 10 1507 (< 10.0.10240.20751)
- Microsoft Windows 10 1607 (< 10.0.14393.7259)
- Microsoft Windows 10 1809 (< 10.0.17763.6189)
- Microsoft Windows 10 21H2 (< 10.0.19044.4780)
- Microsoft Windows 10 22H2 (< 10.0.19045.4780)
Description

CVE-2024-38193 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), the kernel-mode driver behind the Winsock API that ships with, and is loaded by default on, every Windows installation. A local, low-privileged user who triggers the flaw can corrupt kernel structures and obtain kernel read and write primitives, escalating to SYSTEM on current Windows releases. The vulnerability was actively exploited in the wild by the North Korea-linked Lazarus Group before Microsoft shipped the fix in the August 2024 update. No count of affected devices has been published; because AFD.sys is present on every Windows host, the exposed population is effectively the entire unpatched Windows installed base, which is why the issue is rated a major threat.
Recommendations

- Apply the August 2024 updates released by Microsoft, which contain the fix: update Windows to one of the builds listed above or later. This is the only complete remediation.
- Disabling the afd.sys driver is listed as a temporary workaround for hosts that cannot yet take the update, but note that AFD implements Winsock for the whole system: with the driver stopped the host loses all TCP/IP socket networking, so this is only viable on isolated machines.
- Restricting access to the vulnerable module AFD.sys reduces exposure only marginally, because any local process that opens a socket reaches the driver through Winsock; treat it as defence in depth, not as a substitute for the patch.
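The following PowerShell check is an added example and is not part of the advisory or of Microsoft's tooling. It reads the installed build number and update build revision (UBR) from the registry, compares them against the first fixed builds listed in the affected-versions section above, and reports the file version of the installed afd.sys so the driver can be cross-checked against the OS build. The fixed-build table is copied from this advisory and covers only the Windows 10 branches it lists; any other build (Windows 11, Windows Server) is reported as Unknown rather than guessed. The function names and parameters are this example's own.

```powershell
# Added example, not from the PT-2024-5585 advisory: compare the local Windows 10
# build against the first fixed builds the advisory lists for CVE-2024-38193.
# Assumption: the table below is complete for the branches the advisory names;
# other branches are reported as Unknown.

$FixedBuilds = @{
    '10240' = 20751   # Windows 10 1507  -> 10.0.10240.20751
    '14393' = 7259    # Windows 10 1607  -> 10.0.14393.7259
    '17763' = 6189    # Windows 10 1809  -> 10.0.17763.6189
    '19044' = 4780    # Windows 10 21H2  -> 10.0.19044.4780
    '19045' = 4780    # Windows 10 22H2  -> 10.0.19045.4780
}

function Test-Cve202438193Patched {
    [CmdletBinding()]
    param(
        # Defaults read the local registry; pass values explicitly to evaluate
        # build/UBR pairs collected from an inventory system.
        [string]$Build = (Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name CurrentBuildNumber),
        [int]$Ubr      = (Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name UBR)
    )

    if (-not $FixedBuilds.ContainsKey($Build)) {
        # Branch not covered by the advisory table: do not guess, report it.
        return [pscustomobject]@{
            Build    = "10.0.$Build.$Ubr"
            Required = 'n/a'
            Status   = 'Unknown'
            Reason   = 'Build branch not in the advisory table; consult the vendor advisory for this SKU'
        }
    }

    $required = $FixedBuilds[$Build]
    $patched  = $Ubr -ge $required
    if ($patched) {
        $status = 'Patched'
        $reason = 'UBR is at or above the first fixed build'
    } else {
        $status = 'VULNERABLE'
        $reason = 'UBR is below the first fixed build; apply the August 2024 cumulative update'
    }

    [pscustomobject]@{
        Build    = "10.0.$Build.$Ubr"
        Required = "10.0.$Build.$required"
        Status   = $status
        Reason   = $reason
    }
}

function Get-AfdDriverVersion {
    # The AFD driver binary is updated with the cumulative update; its file
    # version should track the OS build/UBR once the patch is installed.
    $path = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'
    if (-not (Test-Path $path)) { return $null }
    (Get-Item $path).VersionInfo.FileVersion
}

# Local run: OS patch status followed by the on-disk afd.sys file version.
Test-Cve202438193Patched
Get-AfdDriverVersion
```

Run the script as a local administrator is not required; both registry keys and the driver file are world-readable. For fleet-wide checks, feed the `CurrentBuildNumber` and `UBR` values gathered by your inventory tool into `Test-Cve202438193Patched -Build <n> -Ubr <n>` instead of relying on the registry defaults.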

Exploit

Fix

LPE

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2024-06270
CVE-2024-38193

Affected Products

Windows