Security News > 2024 > May > Microsoft fixes Windows zero-day exploited in QakBot malware attacks
2024-05-14 18:18
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Kaspersky security researchers discovered the vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033 and also exploited as a zero-day in attacks.
Microsoft fixes two Windows zero-days exploited in malware attacks.
Apple backports fix for zero-day exploited in attacks to older iPhones.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.
Google fixes fifth Chrome zero-day exploited in attacks this year.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- Microsoft Notepad to get AI-powered rewriting tool on Windows 11 (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Microsoft says recent Windows 11 updates break SSH connections (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-36033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |