HomeMalware & ThreatsMicrosoft Fixes Zero-Day Exploited by QakBot

Microsoft Fixes Zero-Day Exploited by QakBot

Published on

spot_img

Microsoft has recently released a patch to address a zero-day vulnerability in Windows that was actively being exploited by the QakBot botnet operators and other hackers. The security researchers at Kaspersky discovered this flaw in April, which allowed threat actors to gain elevated privileges on the affected systems. This vulnerability, known as CVE-2024-30051, was rated as “important” on the CVSS scale and was being used in conjunction with other code execution bugs, typically by ransomware groups.

The flaw was identified in the Desktop Window Manager, a crucial function in Microsoft operating systems that handles off-screen buffers for each window to render displays and apply various visual effects. Dustin Childs of the Zero Day Initiative highlighted the severity of such bugs, emphasizing that they are often exploited in combination with other vulnerabilities to take control of a system. Microsoft credited multiple research groups, including DBAPPSecurity, Google, and Mandiant, for reporting the issue, indicating widespread attacks leveraging this vulnerability.

Interestingly, Kaspersky researchers stumbled upon this zero-day while investigating a separate patched flaw in the Desktop Window Manager. Their hunt for malware samples led them to a suspicious document uploaded to VirusTotal, containing instructions on how to exploit the zero-day to gain system privileges. This discovery shed light on the evolving tactics of cybercriminals, with QakBot operators transitioning from a banking Trojan to serving as initial access brokers for other malicious actors, including ransomware groups.

In addition to addressing the CVE-2024-30051 vulnerability, Microsoft’s latest Patch Tuesday also included a fix for another active zero-day (CVE-2024-30040) in the browser engine MSHTML, commonly associated with Internet Explorer. Despite the deprecated status of Internet Explorer, Microsoft continues to maintain compatibility with this rendering engine in its operating systems. Exploiting this vulnerability requires social engineering tactics to trick victims into opening a malicious document, allowing the attacker to execute arbitrary code by bypassing OLE mitigations in Microsoft’s office applications.

Overall, the rapid response from Microsoft in patching these zero-day vulnerabilities underscores the ongoing threat posed by cybercriminals and the crucial role of proactive cybersecurity measures in safeguarding against such attacks. The collaboration between security researchers, technology companies, and law enforcement agencies remains essential in thwarting malicious activities and ensuring the resilience of digital infrastructure in the face of evolving cyber threats.

Source link

Latest articles

FCC urges immediate cybersecurity upgrade in response to Salt Typhoon espionage incident

The Federal Communications Commission (FCC) has announced new cybersecurity measures aimed at improving network...

Russian hackers take control of Pakistani hackers’ servers for their own purposes

In a recent cyber-espionage revelation, the infamous Russian hacking group Turla, also known as...

Selecting Secure and Verifiable Technologies

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recently released a comprehensive...

CISA Alert: Exploitation of Vulnerabilities in Zyxel, ProjectSend, and CyberPanel Detected

The recent addition of multiple security flaws affecting products from Zyxel, North Grid Proself,...

More like this

FCC urges immediate cybersecurity upgrade in response to Salt Typhoon espionage incident

The Federal Communications Commission (FCC) has announced new cybersecurity measures aimed at improving network...

Russian hackers take control of Pakistani hackers’ servers for their own purposes

In a recent cyber-espionage revelation, the infamous Russian hacking group Turla, also known as...

Selecting Secure and Verifiable Technologies

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recently released a comprehensive...