In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild.
While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on April 1, 2024. This document caught the researchers attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside there the researchers found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very brok
Read more…
Source: Kaspersky
Related:
- Exploited Windows zero-day lets JavaScript files bypass security warnings
October 22, 2022
An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks. Windows includes a security ...
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
October 20, 2022
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- CISA Releases Three Industrial Control Systems Advisories
October 20, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-293-01 Bentley Systems MicroStation Connect ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump ...
- CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
October 19, 2022
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a new Malware Analysis Report, MAR-10398871.r1.v2. CISA encourages organizations to review the latest update to AA22-228A ...
- Linux dodges serious Wi-Fi security exploits
October 17, 2022
You may recall that Linus Torvalds recently added support for Rust in the Linux kernel. One of the big reasons for adding Rust was to put an end to Linux code memory problems. It can’t come soon enough. Recently, five serious Linux Wi-Fi security holes were uncovered. What did they all have in common? Go ahead, guess? ...
- Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
October 13, 2022
On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...