HomeMalware & ThreatsMicrosoft Fixes Zero-Day Exploited by QakBot

Microsoft Fixes Zero-Day Exploited by QakBot

Published on

spot_img

Microsoft has recently released a patch to address a zero-day vulnerability in Windows that was actively being exploited by the QakBot botnet operators and other hackers. The security researchers at Kaspersky discovered this flaw in April, which allowed threat actors to gain elevated privileges on the affected systems. This vulnerability, known as CVE-2024-30051, was rated as “important” on the CVSS scale and was being used in conjunction with other code execution bugs, typically by ransomware groups.

The flaw was identified in the Desktop Window Manager, a crucial function in Microsoft operating systems that handles off-screen buffers for each window to render displays and apply various visual effects. Dustin Childs of the Zero Day Initiative highlighted the severity of such bugs, emphasizing that they are often exploited in combination with other vulnerabilities to take control of a system. Microsoft credited multiple research groups, including DBAPPSecurity, Google, and Mandiant, for reporting the issue, indicating widespread attacks leveraging this vulnerability.

Interestingly, Kaspersky researchers stumbled upon this zero-day while investigating a separate patched flaw in the Desktop Window Manager. Their hunt for malware samples led them to a suspicious document uploaded to VirusTotal, containing instructions on how to exploit the zero-day to gain system privileges. This discovery shed light on the evolving tactics of cybercriminals, with QakBot operators transitioning from a banking Trojan to serving as initial access brokers for other malicious actors, including ransomware groups.

In addition to addressing the CVE-2024-30051 vulnerability, Microsoft’s latest Patch Tuesday also included a fix for another active zero-day (CVE-2024-30040) in the browser engine MSHTML, commonly associated with Internet Explorer. Despite the deprecated status of Internet Explorer, Microsoft continues to maintain compatibility with this rendering engine in its operating systems. Exploiting this vulnerability requires social engineering tactics to trick victims into opening a malicious document, allowing the attacker to execute arbitrary code by bypassing OLE mitigations in Microsoft’s office applications.

Overall, the rapid response from Microsoft in patching these zero-day vulnerabilities underscores the ongoing threat posed by cybercriminals and the crucial role of proactive cybersecurity measures in safeguarding against such attacks. The collaboration between security researchers, technology companies, and law enforcement agencies remains essential in thwarting malicious activities and ensuring the resilience of digital infrastructure in the face of evolving cyber threats.

Source link

Latest articles

Spy agencies describe ramped up election influence in latest check-in

U.S. intelligence agencies have issued a warning that foreign actors are intensifying their efforts...

How I Responded to Hackers Targeting Me – AARP

When faced with a cyber attack, many people may feel overwhelmed and unsure of...

September 2024 Patch Tuesday forecast: Downgrade is the new exploit

In the latest Patch Tuesday update for August 2024, Microsoft released a limited set...

The Cybersecurity Cat-And-Mouse Challenge

In the world of cybersecurity, the battle between threat actors and defenders is constantly...

More like this

Spy agencies describe ramped up election influence in latest check-in

U.S. intelligence agencies have issued a warning that foreign actors are intensifying their efforts...

How I Responded to Hackers Targeting Me – AARP

When faced with a cyber attack, many people may feel overwhelmed and unsure of...

September 2024 Patch Tuesday forecast: Downgrade is the new exploit

In the latest Patch Tuesday update for August 2024, Microsoft released a limited set...
en_USEnglish