Cybersecurity Alert: Microsoft’s 6-Month Patch Delay on Windows Rootkit Flaw Exploited by North Korean Hackers

Even Notorious North Korean hackers can’t rush Microsoft—Lazarus Group found the rootkit ‘holy grail’ but Redmond took a chill pill, patching it only after a six-month Windows siesta. 🐌💤🛡️ #CybersecuritySloth

Hot Take:

North Korean hackers found the cybersecurity equivalent of Willy Wonka’s golden ticket in Windows, and Microsoft, playing the role of a particularly lax factory gatekeeper, took a leisurely six-month stroll before fixing the gaping hole. Meanwhile, Apple’s keeping the doctor away with a fresh batch of updates, and the NSA is handing out cloud security advice like Oprah giving away cars. “You get a security tip! And you get a security tip! Everybody gets a security tip!” Also, Jordanian women are getting a cybersecurity boost, because it’s high time the InfoSec workforce gets a splash of much-needed diversity!

Key Points:

  • The Lazarus Group, North Korea’s cyber-gift to the world, exploited a “holy grail” Windows rootkit vulnerability that Microsoft took half a year to patch (CVE-2024-21338, CVSS score of 8/10).
  • Avast researchers tipped off Microsoft about the flaw in AppLocker’s appid.sys, which could’ve let attackers play puppeteer with the kernel.
  • Apple isn’t slacking like its rival, dropping fixes for iOS and iPadOS, including patches for two actively exploited vulnerabilities (CVE-2024-23225 and CVE-2024-23296).
  • The NSA and CISA are doling out cloud security pro-tips because apparently, the sky (cloud?) is the limit when it comes to potential breaches.
  • The White House and several open-source groups are empowering Jordanian women with cybersecurity training, aiming to diversify the cyber workforce.

CVE ID: CVE-2024-23277
CVE state: PUBLISHED
CVE assigner short name: apple
CVE date updated: 03/08/2024
CVE description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

Title: Chirp Systems Chirp Access Use of Hard-coded Credentials
CVE ID: CVE-2024-2197
CVE state: PUBLISHED
CVE assigner short name: icscert
CVE date updated: 03/19/2024
CVE description: Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access.

Title: Windows Kernel Elevation of Privilege Vulnerability
CVE ID: CVE-2024-21338
CVE state: PUBLISHED
CVE assigner short name: microsoft
CVE date updated: 02/23/2024
CVE description: Windows Kernel Elevation of Privilege Vulnerability

CVE ID: CVE-2024-20337
CVE state: PUBLISHED
CVE assigner short name: cisco
CVE date updated: 03/06/2024
CVE description: A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.

CVE ID: CVE-2024-23296
CVE state: PUBLISHED
CVE assigner short name: apple
CVE date updated: 03/05/2024
CVE description: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

CVE ID: CVE-2024-23288
CVE state: PUBLISHED
CVE assigner short name: apple
CVE date updated: 03/08/2024
CVE description: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.

CVE ID: CVE-2024-23243
CVE state: PUBLISHED
CVE assigner short name: apple
CVE date updated: 03/05/2024
CVE description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.

CVE ID: CVE-2024-23225
CVE state: PUBLISHED
CVE assigner short name: apple
CVE date updated: 03/05/2024
CVE description: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Need to know more?

A Patch in Time Saves...Oh, Never Mind

So the notorious North Korean hacker squad, Lazarus Group, discovered the cybersecurity equivalent of an "all-access backstage pass" in Windows, and Microsoft, in its infinite wisdom, decided to hit the snooze button for six months. The tech giant's "it's just a flesh wound" approach to a rootkit vulnerability left the system's innards exposed long enough for Lazarus to set up camp. When Microsoft finally patched the issue, it played coy about the active exploitation, only spilling the beans after Avast turned up the heat with a report.

Apple's Patch Parade

While Microsoft was taking its sweet time, Apple was busy unleashing a flurry of patches for everything from iOS and iPadOS to Safari, because why let your devices turn into a playground for cyber ne'er-do-wells? With vulnerabilities that could allow keyboard spoofing, privilege escalation, and who knows what else, Apple users had to update faster than you can say, "Wait, which version am I on again?"

NSA's Cloudy with a Chance of Security Tips

The NSA and CISA, in a rare moment of generosity, decided to share their sacred knowledge on cloud security. They dished out ten commandments—I mean, tips—for securing the cloud. Because nothing says cybersecurity like telling people to do the tech equivalent of locking their doors and not writing their passwords on Post-It notes. Revolutionary, right?

Empowering Jordan's Cyber Women

Last but certainly not least, in a move that's more heartwarming than a puppy in a basket of kittens, the White House and open-source superheroes are giving 250 Jordanian women the keys to the cybersecurity kingdom. With access to over 100 security courses and certifications, these women are about to break down barriers like they're firewall piñatas, hopefully setting the stage for a global cybersecurity sisterhood.

Well, that wraps up this cyber-soiree. Remember, folks, in the world of cybersecurity, complacency is the root of all hackery. So go forth, update thy devices, and may your kernels remain unpopped!

Tags: access control flaws, Apple Security Updates, Cloud Security Tips, CVE-2024-21338, Lazarus Group, Rootkit Vulnerability, women in cybersecurity