In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild.
While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on April 1, 2024. This document caught the researchers attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside there the researchers found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very brok
Read more…
Source: Kaspersky
Related:
- Critical Citrix Bug Puts 80,000 Corporate LANs at Risk
December 26, 2019
Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution. The Citrix products (formerly the NetScaler ADC and Gateway) are used for ...
- Apple opens public bug bounty program, publishes official rules
December 20, 2019
Apple has formally opened its bug bounty program today to all security researchers, after announcing the move earlier this year in August at the Black Hat security conference in Las Vegas. Until today, Apple ran an invitation-based bug bounty program for selected security researchers only and was accepting only iOS security bugs. Starting today, the company will accept vulnerability ...
- Unit 42 Discovers 13 New Vulnerabilities Across Microsoft and Adobe Products
December 19, 2019
Palo Alto Networks’ Unit 42 threat researchers have been credited with discovering six new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of its December Adobe Security Bulletin APSB19-55 security updates. Additionally, seven new “important” rated vulnerabilities were addressed by the Microsoft Security Response Center (MSRC) as part of its September, October and November ...
- DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet
December 16, 2019
Trend Micro recently found notable malware activity affecting devices running Linux, a platform that has battled numerous issues just this year. Further analysis of retrieved malware samples revealed that these actions were connected to a botnet called Momentum (named for the image found in its communication channel). We found new details on the tools and techniques ...
- Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities
December 13, 2019
Since the discovery of the Mirai variant using the binary name ECHOBOT in May 2019, it has resurfaced from time to time, using new infrastructure, and more remarkably, adding to the list of vulnerabilities it scans for, as a means to increase its attack surface with each evolution. Unlike other Mirai variants, this particular variant stands out for the sheer ...
- Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
December 11, 2019
In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as ...