Microsoft fixes software bug that could have left devices open to malware

The flaw is tracked as CVE-2024-30051, can result in privilege escalation and allows threat actors to gain SYSTEM privileges on target endpoints. 

QakBot activity

The Desktop Window Manager (DWM) is a Windows service responsible for managing visual effects, transparency, window animations, and various other graphical elements. Microsoft first added it to Windows Vista, and has been a part of the OS ever since. 

This privilege escalation flaw was first found by Kaspersky’s researchers, who were looking at an entirely different exploit when they stumbled upon a file on VirusTotal that described the flaw. 

"After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability," Kaspersky said. "We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it."

QakBot, sometimes referred to as Qbot, is an ancient banking trojan, first spotted almost two decades ago (in 2008). At first, its developers built it to steal banking credentials, credit card information, and other similar data. Since then, Qbot evolved into a dropper, being used on infected devices to deliver additional malicious payloads. 

Last summer, an international team of law enforcement agencies initiated Operation Duck Hunt, which dismantled QakBot’s infrastructure. However, the malware soon re-emerged, targeting businesses in the hospitality industry.

Via BleepingComputer

More from TechRadar Pro

• Bad news - infamous Qbot malware appears to have returned once again
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now