Hackers exploit the Windows zero-day vulnerabilities, as they offer great advantages.
This means that no patches or defenses exist for zero-day vulnerabilities as software vendors are unaware of them, consequently, hackers have a certain period to start their attacks before the vulnerability is found and stopped.
Exploiting these flaws allows hackers to access many users, get important data, or take over systems.
Cybersecurity researchers at Kaspersky recently identified that the QakBot malware has been actively exploiting the Windows zero-day to gain system privileges.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
In early April 2024, while investigating the previously disclosed Windows DWM Core Library EoP vulnerability CVE-2023-36033, researchers at Kaspersky discovered a VirusTotal document from April 1st describing a new, unpatched Windows Desktop Window Manager (DWM) vulnerability that could also lead to system privilege escalation.
Despite poor writing quality and missing exploitation details, analysis confirmed this was a new “zero-day.”
Kaspersky reported their findings to Microsoft, leading to the designation “CVE-2024-30051” and a patch released on May 14, 2024, as part of that month’s Patch Tuesday updates.
After reporting the Windows DWM zero-day CVE-2024-30051 to Microsoft, Kaspersky closely monitored for related exploits.
In mid-April, an exploit was discovered that was being used to deliver QakBot and other malware, indicating multiple threat actors had access to this vulnerability.
Kaspersky plans to publish technical details once users have time to patch and currently detect exploitation attempts and associated malware with the following rulings:-
Protecting users and systems necessitates responsible disclosure of zero-day vulnerabilities and patching.
However, the rapid exploitation of this zero-day by multiple threat actors distributing malware like QakBot also highlights why users and organizations must remain vigilant and apply security updates promptly.
To mitigate zero days until patches can be installed, security researchers must employ ongoing monitoring and behavior-based detection capabilities.
On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635…
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has…
Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware,…
A recently discovered vulnerability in Red Hat's NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity…
Tor Browser 14.0 has been officially launched. It brings significant updates and new features to…
INE Security offers essential advice to protect digital assets and enhance security. As small businesses…