Hackers exploit the Windows zero-day vulnerabilities, as they offer great advantages.
This means that no patches or defenses exist for zero-day vulnerabilities as software vendors are unaware of them, consequently, hackers have a certain period to start their attacks before the vulnerability is found and stopped.
Exploiting these flaws allows hackers to access many users, get important data, or take over systems.
Cybersecurity researchers at Kaspersky recently identified that the QakBot malware has been actively exploiting the Windows zero-day to gain system privileges.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
In early April 2024, while investigating the previously disclosed Windows DWM Core Library EoP vulnerability CVE-2023-36033, researchers at Kaspersky discovered a VirusTotal document from April 1st describing a new, unpatched Windows Desktop Window Manager (DWM) vulnerability that could also lead to system privilege escalation.
Despite poor writing quality and missing exploitation details, analysis confirmed this was a new “zero-day.”
Kaspersky reported their findings to Microsoft, leading to the designation “CVE-2024-30051” and a patch released on May 14, 2024, as part of that month’s Patch Tuesday updates.
After reporting the Windows DWM zero-day CVE-2024-30051 to Microsoft, Kaspersky closely monitored for related exploits.
In mid-April, an exploit was discovered that was being used to deliver QakBot and other malware, indicating multiple threat actors had access to this vulnerability.
Kaspersky plans to publish technical details once users have time to patch and currently detect exploitation attempts and associated malware with the following rulings:-
Protecting users and systems necessitates responsible disclosure of zero-day vulnerabilities and patching.
However, the rapid exploitation of this zero-day by multiple threat actors distributing malware like QakBot also highlights why users and organizations must remain vigilant and apply security updates promptly.
To mitigate zero days until patches can be installed, security researchers must employ ongoing monitoring and behavior-based detection capabilities.
On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free
A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox,…
A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group has…
The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its initial…
Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade detection…
A financial management app named Finance Simplified has been revealed as a malicious tool for…
A recent discovery by cybersecurity researchers has revealed that the Poseidon malware, a macOS-targeting trojan,…