HomeCII/OTMicrosoft Fixes Zero-Day Exploited By QakBot Malware

Microsoft Fixes Zero-Day Exploited By QakBot Malware

Published on

spot_img

Microsoft recently addressed a critical zero-day vulnerability that cyber attackers were exploiting to distribute malware, including QakBot, on vulnerable Windows systems. The vulnerability, identified as CVE-2024-30051, is a privilege escalation flaw in the Desktop Window Manager (DWM) core library. This flaw allows attackers to gain “SYSTEM privileges,” according to Microsoft.

The Desktop Window Manager (dwm.exe) is a window manager introduced in Windows Vista that handles GUI effects like transparent windows and live taskbar thumbnails. It works by combining window images into a composite view before displaying them on the monitor, allowing for various visual effects in Windows.

Kaspersky researchers discovered this vulnerability while investigating another similar bug in the Windows DWM Core Library. They found a file uploaded to VirusTotal containing information about a privilege escalation vulnerability in the DWM core library. Further analysis confirmed the legitimacy of the zero-day vulnerability, leading to its designation as CVE-2024-30051 and subsequent patching by Microsoft.

After reporting the zero-day to Microsoft, Kaspersky observed exploits involving QakBot and other malware that took advantage of this vulnerability. Security researchers from various organizations also reported the zero-day to Microsoft, indicating potential widespread exploitation in malware attacks.

The U.S. Cybersecurity and Infrastructure Security Agency included CVE-2024-30051 in its Known Exploited Vulnerabilities catalog and urged all federal agencies to apply the patch by June 4. Kaspersky plans to disclose technical details of the vulnerability once users have had sufficient time to update their systems.

QakBot, initially a banking trojan, has evolved into an initial access broker, facilitating ransomware attacks and espionage by providing access to compromised networks. Despite previous law enforcement efforts to dismantle its infrastructure, QakBot re-emerged in phishing campaigns targeting the hospitality industry.

In addition to CVE-2024-30051, Microsoft also patched another zero-day flaw in its May 2024 Patch Tuesday release. This flaw, tracked as CVE-2024-30040, is a security feature bypass vulnerability in the Windows MSHTML platform. It allows a hacker to execute arbitrary code by bypassing OLE mitigations in Microsoft 365 and Office applications.

Overall, the recent Microsoft patches address critical vulnerabilities exploited by cyber attackers to distribute malware and escalate privileges. It is crucial for users and organizations to apply these patches promptly to safeguard their systems against potential threats.

Source link

Latest articles

Progress Restores ShareFile Storage Access Following Security Warning

Progress Restores Access to ShareFile After Temporary Service Suspension Due to Security Threat Following a...

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...

More like this

Progress Restores ShareFile Storage Access Following Security Warning

Progress Restores Access to ShareFile After Temporary Service Suspension Due to Security Threat Following a...

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...