Microsoft fixes software bug that could have left devices open to malware

Zero-day used in QakBot attacks has been fixed

Microsoft has released its latest cumulative Patch Tuesday update for May 2024, including a fix for a zero-day vulnerability that was allegedly used to deliver the QakBot malware to vulnerable Windows devices.

Among the vulnerabilities addressed this time around is a heap-based buffer overflow vulnerability found in Desktop Window Manager (DWM).

The flaw, tracked as CVE-2024-30051, can result in privilege escalation, allowing threat actors to gain SYSTEM privileges on target endpoints.

QakBot activity

The Desktop Window Manager (DWM) is a Windows service responsible for managing visual effects, transparency, window animations, and various other graphical elements. Microsoft first added it to Windows Vista, and it has been a part of the OS ever since.

This privilege escalation flaw was first found by Kaspersky’s researchers, who were looking at an entirely different exploit when they stumbled upon a file on VirusTotal that described the flaw.

“After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability,” Kaspersky said. “We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it.”

QakBot, sometimes referred to as Qbot, is an ancient banking trojan, first spotted almost two decades ago (in 2008). At first, its developers built it to steal banking credentials, credit card information, and other similar data. Since then, Qbot has evolved into a dropper, used on infected devices to deliver additional malicious payloads.

Last summer, an international team of law enforcement agencies initiated Operation Duck Hunt, which dismantled QakBot’s infrastructure. However, the malware soon re-emerged, targeting businesses in the hospitality industry.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
