Cybersecurity experts have identified a new zero-day vulnerability in Windows operating systems that could lead to privilege escalation. The vulnerability, designated CVE-2024-30051, came to light after a document uploaded to VirusTotal on April 1, 2024, hinted at a security flaw in the Windows Desktop Window Manager (DWM).
Further investigation confirmed that the vulnerability described in the document was genuine and could be exploited to gain system privileges. The researchers promptly reported their findings to Microsoft, leading to the release of a patch on May 14, 2024, as part of Patch Tuesday.
Following the disclosure of the vulnerability, cybersecurity experts have been monitoring for any exploits or attacks leveraging this zero-day flaw. In mid-April, an exploit for CVE-2024-30051 was discovered, with indications that threat actors, including those associated with QakBot and other malware, have been utilizing it.
Users are urged to update their Windows systems to safeguard against attacks exploiting this vulnerability. Technical details regarding CVE-2024-30051 are expected to be published once users have had sufficient time to secure their systems.