New Windows bug - a treat for QakBot: Microsoft fights botnet

Father

The corporation destroyed another way to infect systems.

Microsoft has fixed a zero-day vulnerability that was actively used to spread the QakBot botnet on Windows systems.

The heap-based buffer overflow vulnerability CVE-2024-30051 (CVSS 3.1 score: 7.8) affects the Desktop Window Manager (DWM) library. The privilege escalation flaw allows an attacker to gain SYSTEM privileges on the attacked machines. Microsoft assigned the flaw a CVE identifier and fixed it as part of Patch Tuesday.

Desktop Window Manager is a Windows service first introduced in Windows Vista that allows the operating system to use hardware acceleration when rendering graphical interface elements, such as glass window frames and 3D transition animations.

The vulnerability was discovered by Kaspersky Lab specialists while investigating another privilege escalation bug in the DWM library (CVE-2023-36033, CVSS 3.1 score: 7.8). While analyzing data on recent exploits and related attacks, researchers came across an interesting file uploaded to VirusTotal on April 1, 2024.

The file contained information about a vulnerability in DWM that could be used to elevate privileges to the SYSTEM level. The process of exploiting the vulnerability described in the file perfectly corresponded to attacks using CVE-2023-36033, although it described a completely new vulnerability.

Kaspersky Lab noted that the exploit for this vulnerability was used together with QakBot and other malicious programs. It is assumed that several groups have access to the exploit. Security researchers from the Google Threat Analysis Group, DBAPPSecurity WeBin Lab, and Mandiant also reported the vulnerability to Microsoft, pointing to its likely widespread use in malware attacks.