For six months following Microsoft's discovery, hackers exploited a Windows 0-day.

Hackers supported by North Korea won big when Microsoft left a Windows zero-day unpatched for six months after discovering it was being exploited.  

Last month, Microsoft patched the vulnerability but did not indicate that the North Korean threat group Lazarus had been leveraging it since August to install a covert rootkit on affected PCs.   

Malware with administrator privileges could use the vulnerability to communicate stealthily with the Windows kernel.

Lazarus took advantage of the weakness  

Microsoft has long maintained that admin-to-kernel elevations do not cross security boundaries, which may explain why it took so long to resolve the vulnerability.  

“Windows security has a thin line between admin and kernel,” said Jan Vojtěšek, an Avast researcher, last week.   

The security servicing criteria have long stated that ‘[a]dministrator-to-kernel is not a security boundary,’ meaning Microsoft can repair admin-to-kernel vulnerabilities at its discretion.  

Thus, the Windows security model cannot prevent admin-level attackers from directly accessing the kernel.  
