Security News > 2024 > May > Microsoft fixes Windows zero-day exploited in QakBot malware attacks
2024-05-14 18:18
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Kaspersky security researchers discovered the vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033 and also exploited as a zero-day in attacks.
Microsoft fixes two Windows zero-days exploited in malware attacks.
Apple backports fix for zero-day exploited in attacks to older iPhones.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.
Google fixes fifth Chrome zero-day exploited in attacks this year.
News URL
Related news
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-36033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |