
Microsoft has addressed a critical zero-day vulnerability during this moth patch Tuesday release. The vulnerability tracked as CVE-2024-30051 with a CVS score of 7.8, that was actively exploited by attackers to deliver the notorious QakBot malware and other malicious payloads. This security flaw, residing in the Windows Desktop Window Manager (DWM) core library, allowed threat actors to escalate their privileges to the highest system level, gaining full control over compromised machines.
The vulnerability was uncovered by researchers at Kaspersky during an investigation into another DWM-related zero-day exploit. They discovered a document uploaded to VirusTotal that contained information about the flaw, which could be leveraged to elevate privileges to SYSTEM level. Despite some missing details, Kaspersky confirmed the existence of the vulnerability and promptly reported it to Microsoft.
Though the patch was released today, Kaspersky’s monitoring revealed that the vulnerability was already being exploited in conjunction with QakBot and other malware, suggesting multiple threat actors had access to the exploit.
QakBot, is a banking trojan and malware delivery service, has been linked to numerous high-profile ransomware attacks and data breaches. Despite a previous takedown in 2023, the malware resurfaced in targeted phishing campaigns against the hospitality industry.
Users and organizations are strongly advised to apply the latest Windows security updates without delay to mitigate the risk of compromise. Given the severity of the vulnerability and its active exploitation, prompt action is crucial to protect systems from QakBot and other malicious threats.
Even CISA has promptly added this vulnerability to its Know exploited catalog, this show the criticality of the vulnerability.


