Windows zero-day vulnerability CVE-2024-30051
CVE-2024-30051 is a zero-day privilege escalation vulnerability discovered by Kaspersky Lab in April 2024 while researching CVE-2023-36033.
It is a critical vulnerability in Windows (CVSS 3.1 base score: 9.8) that allows attackers to escalate privileges and gain full control over the system. It is already being actively exploited by malware such as QuakBot. QuakBot, also known as QakBot, Qbot or QuackBot, is a notorious banking Trojan that targets Windows systems.
Attack scenario
The vulnerability is in the Windows kernel component and can be exploited by launching a specially crafted application process. This can then write to kernel memory and execute kernel code to gain administrative privileges.
Risks
Successful exploitation can lead to a complete compromise of the system as the attacker can then act with the highest privileges. Confidential data, cryptocurrency wallets and banking access are at risk.
Remedy
Microsoft has released a patch as part of its monthly Patch Tuesday on 14 May 2002 (KB5037765). Administrators are strongly advised to apply this patch to all systems.
Microsoft Blog:
Windows DWM Core Library Elevation of Privilege Vulnerability.
It is a critical vulnerability in Windows (CVSS 3.1 base score: 9.8) that allows attackers to escalate privileges and gain full control over the system. It is already being actively exploited by malware such as QuakBot. QuakBot, also known as QakBot, Qbot or QuackBot, is a notorious banking Trojan that targets Windows systems.
Attack scenario
The vulnerability is in the Windows kernel component and can be exploited by launching a specially crafted application process. This can then write to kernel memory and execute kernel code to gain administrative privileges.
Risks
Successful exploitation can lead to a complete compromise of the system as the attacker can then act with the highest privileges. Confidential data, cryptocurrency wallets and banking access are at risk.
Remedy
Microsoft has released a patch as part of its monthly Patch Tuesday on 14 May 2002 (KB5037765). Administrators are strongly advised to apply this patch to all systems.
Microsoft Blog:
Windows DWM Core Library Elevation of Privilege Vulnerability.
Please also mark the comments that contributed to the solution of the article
Content-ID: 83669809359
Url: https://administrator.de/contentid/83669809359
Printed on: October 6, 2024 at 19:10 o'clock