North Korean threat actors exploited a flaw in the Windows AppLocker driver (appid.sys)
Avast identified a Windows kernel vulnerability (CVE-2024-21338) and reported it to Microsoft, which fixed it in February's Patch Tuesday.
Lazarus targeted AhnLab, Windows Defender, CrowdStrike, and HitmanPro security products.
Lazarus' new exploit lets them hide attacks and stay on systems longer.
The only effective security measure is to apply the February 2024 Patch Tuesday updates as soon as possible.