Urgent: Update Your Windows to Fix Security Flaw Exploited by QakBot | Tech News


Microsoft has patched a critical zero-day vulnerability in Windows systems, exploited by QakBot malware to gain SYSTEM privileges. Discovered by Kaspersky researchers, this flaw in the Desktop Window Manager was swiftly addressed during this month’s Patch Tuesday. Indian users are advised to update their systems to stay protected.

Microsoft Fixes Zero-Day Vulnerability Exploited by QakBot Malware

Key Highlights

  • Microsoft patches a critical zero-day vulnerability in Windows systems exploited by QakBot malware.
  • The vulnerability allows attackers to gain SYSTEM privileges through the Desktop Window Manager service.
  • Security researchers discovered the flaw and reported it, leading to a timely patch from Microsoft.

Microsoft has recently patched a critical zero-day vulnerability in Windows systems that was being exploited to deliver the QakBot malware and other malicious payloads. This vulnerability, tracked as CVE-2024-30051, affects the Desktop Window Manager (DWM) core library and allows attackers to gain SYSTEM privileges.

Discovery and Details

The vulnerability was discovered by Kaspersky security researchers while investigating a similar bug, CVE-2023-36033, also found in the DWM Core Library. This bug, caused by a heap-based buffer overflow, was being actively exploited in the wild. The researchers identified the new vulnerability from a file uploaded to VirusTotal on April 1, 2024, which provided clues about a potential Windows DWM issue.

How the Vulnerability Works

The Desktop Window Manager is a service in Windows that uses hardware acceleration to render graphical user interface elements like glass window frames and 3D transitions. A successful exploit of this vulnerability allows attackers to escalate their privileges to SYSTEM level, giving them complete control over the affected system.

Patch and Response

Microsoft addressed the vulnerability during this month’s Patch Tuesday. “After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability,” Kaspersky said.

Impact and Exploitation

The vulnerability has been used in conjunction with QakBot, a notorious piece of malware that started as a banking trojan and evolved into a malware delivery service. QakBot has been linked to numerous ransomware attacks and is known for providing initial access to enterprise and home networks for various threat actors.

Major Findings and Reports

Security researchers from Google Threat Analysis Group, DBAPPSecurity WeBin Lab, and Google Mandiant also reported this zero-day to Microsoft, indicating widespread exploitation. The collaborative efforts of these groups highlight the severity and urgency of addressing such vulnerabilities.

QakBot’s History and Evolution

QakBot, also known as Qbot, began as a banking trojan in 2008, targeting financial data. Over the years, it has evolved, partnering with other threat groups to deliver ransomware and steal sensitive information. Despite being dismantled in August 2023 during Operation ‘Duck Hunt,’ QakBot re-emerged in phishing campaigns by December 2023.

Global and Indian Context

QakBot has been linked to over 40 ransomware attacks globally, affecting companies, healthcare providers, and government agencies, causing hundreds of millions of dollars in damages. In India, where cybersecurity threats are rising, it is crucial for users to stay updated on such vulnerabilities and ensure their systems are patched promptly.

Preventive Measures

Indian users are advised to update their Windows systems with the latest patches from Microsoft to protect against this vulnerability. Regular software updates, combined with robust cybersecurity practices, are essential to safeguard against such threats.

Key Information

| Aspect | Details |
| --- | --- |
| Vulnerability ID | CVE-2024-30051 |
| Affected Component | Desktop Window Manager (DWM) Core Library |
| Discovery | Kaspersky Security Researchers |
| Date of discovery | April 1, 2024 |
| Impact | SYSTEM Privileges Escalation |
| Patch Released | Yes, during May 2024 Patch Tuesday |
| Associated Malware | QakBot (Qbot), Other Malware Payloads |
| Initial Exploit Date | Mid-April 2024 |
| Reported by | Google Threat Analysis Group, DBAPPSecurity, Google Mandiant |
| Operation Dismantling QakBot | Operation ‘Duck Hunt’ by FBI, August 2023 |
| QakBot’s Re-emergence | December 2023, in Phishing Campaigns |
| Financial Damage Linked to QakBot | Hundreds of millions of dollars |