Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock. Microsoft addressed the vulnerability with Path Tuesday security updates released in August 2024, the IT giant also warned that the flaw was exploited in attacks in the wild. Gen Threat Labs recently uncovered and reported a major security flaw known as a zero-day vulnerability (CVE-2024-38193), which Microsoft has now fixed.