Security News > 2024 > May > Microsoft fixes Windows zero-day exploited in QakBot malware attacks
2024-05-14 18:18
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Kaspersky security researchers discovered the vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033 and also exploited as a zero-day in attacks.
Microsoft fixes two Windows zero-days exploited in malware attacks.
Apple backports fix for zero-day exploited in attacks to older iPhones.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.
Google fixes fifth Chrome zero-day exploited in attacks this year.
News URL
Related news
- Ivanti zero-day attacks infected devices with custom malware (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-36033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |