Windows Zero-Day Vulnerability Exploited To Deliver QakBot Malware - 20240515005¶
Overview¶
This vulnerability is an elevation of privilege issue in the Windows DWM Core Library. It could allow an authenticated attacker to gain higher privileges on the affected system without any user interaction required.
Microsoft has released a security update that is available from the Microsoft Update Catalog to patch this vulnerability.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected |
|---|---|---|---|
| CVE-2024-30051 | High | 7.8 | Versions |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):