CVE-2024-30051 is a zero-day elevation-of-privilege vulnerability in the Windows Desktop Window Manager (DWM) Core Library. It was actively exploited in the wild, notably by the QakBot malware, and patched by Microsoft in 2024.
This vulnerability was used to deliver various payloads and was one of the most significant DWM zero-days exploited in recent years.
In targeted attacks, QakBot used CVE-2024-30051 to escalate privileges on compromised systems, which allowed it to disable security features, steal credentials, and deploy ransomware or other malicious payloads.
Microsoft and cybersecurity researchers from Kaspersky uncovered this critical zero-day, which affected even older, out-of-support Windows versions like Windows 10 RTM (version 1507, build 10240).
Microsoft released a patch for Windows 10 RTM specifically for this vulnerability, highlighting its severity and widespread impact.
Microsoft released security updates for this vulnerability as part of a 2024 Patch Tuesday. Users and administrators are strongly advised to apply the update immediately.
For systems that cannot be patched, Microsoft recommends restricting user privileges and monitoring for suspicious activity.