Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

May 14, 2024 at 03:43PM Microsoft released security updates addressing 60 vulnerabilities, including an actively exploited zero-day bug called CVE-2024-30051 with a severity score of 7.8/10. They also warned of CVE-2024-30040 allowing attackers to execute code in Microsoft 365, and CVE-2024-30044 for remote code execution in Microsoft Sharepoint, urging admins to take immediate action. From … Read more

Microsoft fixes Windows zero-day exploited in QakBot malware attacks

May 14, 2024 at 02:23PM Microsoft has addressed a zero-day vulnerability, CVE-2024-30051, which allowed for privilege escalation through a heap-based buffer overflow in the Desktop Window Manager (DWM) core library on vulnerable Windows systems, facilitating delivery of QakBot and other malware. Kaspersky and other security researchers confirmed the exploitation and reported it to Microsoft. QakBot … Read more