Security News > 2024 > May > Microsoft fixes Windows zero-day exploited in QakBot malware attacks
2024-05-14 18:18
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Kaspersky security researchers discovered the vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033 and also exploited as a zero-day in attacks.
Microsoft fixes two Windows zero-days exploited in malware attacks.
Apple backports fix for zero-day exploited in attacks to older iPhones.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.
Google fixes fifth Chrome zero-day exploited in attacks this year.
News URL
Related news
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-36033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |