Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft fixes software bug that could have left devices open to malware

Red padlock open on electric circuits network dark red background.

Microsoft has released its latest cumulative Patch Tuesday update for May 2024, including a fix for a zero-day vulnerability that was allegedly used to deliver the QakBot malware to vulnerable Windows devices.

Among the vulnerabilities addressed this time around is a heap-based buffer overflow vulnerability found in Desktop Window Manager (DWM). 

The flaw is tracked as CVE-2024-30051, can result in privilege escalation and allows threat actors to gain SYSTEM privileges on target endpoints. 

QakBot activity

The Desktop Window Manager (DWM) is a Windows service responsible for managing visual effects, transparency, window animations, and various other graphical elements. Microsoft first added it to Windows Vista, and has been a part of the OS ever since. 

This privilege escalation flaw was first found by Kaspersky’s researchers, who were looking at an entirely different exploit when they stumbled upon a file on VirusTotal that described the flaw. 

"After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability," Kaspersky said. "We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it."

QakBot, sometimes referred to as Qbot, is an ancient banking trojan, first spotted almost two decades ago (in 2008). At first, its developers built it to steal banking credentials, credit card information, and other similar data. Since then, Qbot evolved into a dropper, being used on infected devices to deliver additional malicious payloads. 

Last summer, an international team of law enforcement agencies initiated Operation Duck Hunt, which dismantled QakBot’s infrastructure. However, the malware soon re-emerged, targeting businesses in the hospitality industry.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.