
Microsoft Fixes Zero-Day Exploited By QakBot Malware


Microsoft recently addressed a critical zero-day vulnerability that cyber attackers were exploiting to distribute malware, including QakBot, on vulnerable Windows systems. The vulnerability, identified as CVE-2024-30051, is a privilege escalation flaw in the Desktop Window Manager (DWM) core library. This flaw allows attackers to gain “SYSTEM privileges,” according to Microsoft.

The Desktop Window Manager (dwm.exe) is a window manager introduced in Windows Vista that handles GUI effects like transparent windows and live taskbar thumbnails. It works by combining window images into a composite view before displaying them on the monitor, allowing for various visual effects in Windows.

Kaspersky researchers discovered this vulnerability while investigating another similar bug in the Windows DWM Core Library. They found a file uploaded to VirusTotal containing information about a privilege escalation vulnerability in the DWM core library. Further analysis confirmed the legitimacy of the zero-day vulnerability, leading to its designation as CVE-2024-30051 and subsequent patching by Microsoft.

After reporting the zero-day to Microsoft, Kaspersky observed exploits involving QakBot and other malware that took advantage of this vulnerability. Security researchers from various organizations also reported the zero-day to Microsoft, indicating potential widespread exploitation in malware attacks.

The U.S. Cybersecurity and Infrastructure Security Agency included CVE-2024-30051 in its Known Exploited Vulnerabilities catalog and urged all federal agencies to apply the patch by June 4. Kaspersky plans to disclose technical details of the vulnerability once users have had sufficient time to update their systems.

QakBot, initially a banking trojan, has evolved into an initial access broker, facilitating ransomware attacks and espionage by providing access to compromised networks. Despite previous law enforcement efforts to dismantle its infrastructure, QakBot re-emerged in phishing campaigns targeting the hospitality industry.

In addition to CVE-2024-30051, Microsoft also patched another zero-day flaw in its May 2024 Patch Tuesday release. This flaw, tracked as CVE-2024-30040, is a security feature bypass vulnerability in the Windows MSHTML platform. It allows a hacker to execute arbitrary code by bypassing OLE mitigations in Microsoft 365 and Office applications.

Overall, the recent Microsoft patches address critical vulnerabilities exploited by cyber attackers to distribute malware and escalate privileges. It is crucial for users and organizations to apply these patches promptly to safeguard their systems against potential threats.
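For administrators who want to confirm that a host actually received the fix rather than assume it, the following PowerShell check is an added example written for this article; it is not code from the article, Microsoft or Kaspersky. The KB identifier and the fixed dwmcore.dll file version are placeholders, because the article does not state them; take the real values for your Windows build from the Microsoft advisory for CVE-2024-30051 before using the script.

```powershell
# Added example: verify patch state for CVE-2024-30051 on a Windows host.
# $KbId and $FixedDwmVersion are PLACEHOLDERS (assumption), not values from
# the article; fill them in from the Microsoft advisory for your build.
$KbId            = 'KB0000000'            # placeholder: May 2024 cumulative update for this build
$FixedDwmVersion = [version]'0.0.0.0'     # placeholder: dwmcore.dll version shipped by the fix

# 1. Does Windows report the cumulative update as installed?
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

# 2. Current build and UBR (the UBR changes with each cumulative update),
#    read from the registry rather than from a possibly stale WMI cache.
$nt    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = '{0}.{1}' -f $nt.CurrentBuild, $nt.UBR

# 3. The library the flaw lives in: compare the on-disk dwmcore.dll version
#    with the fixed version. Build a [version] from the numeric parts so a
#    trailing "(WinBuild...)" suffix in FileVersion does not break parsing.
$vi         = (Get-Item "$env:SystemRoot\System32\dwmcore.dll").VersionInfo
$dllVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                             $vi.FileBuildPart, $vi.FilePrivatePart)

# A host counts as patched only if both signals agree: the update is listed
# AND the DWM core library on disk is at or above the fixed version.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    OSBuild          = $build
    UpdateInstalled  = [bool]$hotfix
    DwmCoreVersion   = $dllVersion
    FixedDwmVersion  = $FixedDwmVersion
    Patched          = ([bool]$hotfix) -and ($dllVersion -ge $FixedDwmVersion)
}
```

Checking the library version in addition to the hotfix list matters because Get-HotFix only reflects what the servicing stack recorded; a pending reboot or a failed install can leave the vulnerable dwmcore.dll in place even when the update appears in the list. Run the script across a fleet (for example via Invoke-Command) and follow up on any host where Patched is false.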
