• Microsoft fixes software bug that could have left devices open to

    From TechnologyDaily@1337:1/100 to All on Wed May 15 10:45:05 2024
    Microsoft fixes software bug that could have left devices open to malware

    Date:
    Wed, 15 May 2024 10:33:06 +0000

    Description:
    A zero-day used in QakBot attacks has been fixed as part of this month's
    Patch Tuesday.

    FULL STORY ======================================================================

    Microsoft has released its latest cumulative Patch Tuesday update for May, including a fix for a zero-day vulnerability that was allegedly used to deliver the QakBot malware to vulnerable Windows devices.

    Among the vulnerabilities addressed this time around is a heap-based buffer overflow vulnerability found in Desktop Window Manager (DWM).

    The flaw, tracked as CVE-2024-30051, can result in privilege escalation and allows threat actors to gain SYSTEM privileges on target endpoints.

    QakBot activity

    The Desktop Window Manager (DWM) is a Windows service responsible for
    managing visual effects, transparency, window animations, and various other graphical elements. Microsoft first added it in Windows Vista, and it has been a part of the OS ever since.

    This privilege escalation flaw was first found by Kaspersky's researchers, BleepingComputer said in its writeup. The researchers were looking at an entirely different exploit when they stumbled upon a file on VirusTotal that described the flaw.

    "After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability," Kaspersky said. "We have seen it used together with QakBot
    and other malware, and believe that multiple threat actors have access to
    it."

    QakBot, sometimes referred to as Qbot, is an ancient banking trojan, first spotted almost two decades ago (in 2008). At first, its developers built it
    to steal banking credentials, credit card information, and other similar
    data. Since then, Qbot has evolved into a dropper, used on infected devices to deliver additional malicious payloads.

    Last summer, an international team of law enforcement agencies initiated Operation Duck Hunt, which dismantled QakBot's infrastructure. However, the malware soon re-emerged, targeting businesses in the hospitality industry.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-fixes-software-bug-that-could-have-left-devices-open-to-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)