Microsoft fixes software bug that could have left devices open to malware

News
By
published

Zero-day used in QakBot attacks has been fixed

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Microsoft has released its latest cumulative Patch Tuesday update for May 2024, including a fix for a zero-day vulnerability that was allegedly used to deliver the QakBot malware to vulnerable Windows devices.

Among the vulnerabilities addressed this time around is a heap-based buffer overflow vulnerability found in Desktop Window Manager (DWM). 

The flaw is tracked as CVE-2024-30051, can result in privilege escalation and allows threat actors to gain SYSTEM privileges on target endpoints. 

QakBot activity

The Desktop Window Manager (DWM) is a Windows service responsible for managing visual effects, transparency, window animations, and various other graphical elements. Microsoft first added it to Windows Vista, and has been a part of the OS ever since. 

This privilege escalation flaw was first found by Kaspersky’s researchers, who were looking at an entirely different exploit when they stumbled upon a file on VirusTotal that described the flaw. 

"After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability," Kaspersky said. "We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it."

QakBot, sometimes referred to as Qbot, is an ancient banking trojan, first spotted almost two decades ago (in 2008). At first, its developers built it to steal banking credentials, credit card information, and other similar data. Since then, Qbot evolved into a dropper, being used on infected devices to deliver additional malicious payloads. 

Last summer, an international team of law enforcement agencies initiated Operation Duck Hunt, which dismantled QakBot’s infrastructure. However, the malware soon re-emerged, targeting businesses in the hospitality industry.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.