Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-30051

7.8HIGH

Key Information

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 14 May 2024

Badges

😄 Trended👾 Exploit Exists📰 News Worthy

Summary

The first article discusses multiple vulnerabilities in Windows and other software, including two zero-day vulnerabilities in Windows that are already being exploited in active attacks. One of the zero-day vulnerabilities, CVE-2024-30051, is an "elevation of privilege" bug in a core Windows library that allows local attackers to escalate to system privileges. The exploit is being used by multiple threat actors, particularly in conjunction with the QakBot initial-access Trojan, which is commonly used in ransomware attacks. Microsoft has released updates to fix these vulnerabilities, and users are encouraged to apply the patches promptly. The exploitation of the CVE-2024-30051 vulnerability poses a significant risk, and there is an urgent need to address this vulnerability. The second article also discusses multiple vulnerabilities, including two zero-day vulnerabilities in Windows, with one of them being CVE-2024-30051. This zero-day is a Windows DWM Core Library elevation of privilege vulnerability that is already in use by QakBot operators and poses a significant risk. The article emphasizes the importance of timely updates and vigilance in cybersecurity in addressing these critical vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-30051 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.5820

Windows Server 2019 < 10.0.17763.5820

Windows Server 2019 (Server Core installation) < 10.0.17763.5820

News Articles

@Securelist

CVE-2023-36033CVE-2024-30051

Malware report for Q2 2024 — a quarterly review

In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.

3 months ago

Telconet CSIRT

CVE-2024-30040CVE-2024-30051

Microsoft corrige múltiples vulnerabilidades en su Patch Tuesday de mayo 2024 – Telconet CSIRT

Microsoft realiza actualizaciones de seguridad con su Patch Tuesday de mayo del 2024 en el que se aborda un total de 61 fallos de seguridad, que incluyen tres vulnerabilidades Zero Day. En esta edición, se...

3 months ago

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Jun 20, 2024
Vulnerability started trending.
May 15, 2024
First article discovered by SecurityWeek
May 14, 2024
Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Mar 22, 2024

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed12 News Article(s)