Microsoft patches Windows security hole exploited by North Korean hackers – but is it too late?

As part of the latest cumulative Patch Tuesday update, Microsoft fixed a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. This bug is tracked as CVE-2024-38193 and has a severity rating of 7.8.

Exploitation of this flaw appears to grant attackers administrative privileges on the vulnerable endpoint. Microsoft notes that “an attacker who successfully exploits this vulnerability could gain SYSTEM privileges.”