Hunting CVE-2024-30051: Desktop Window Manager Privilege Escalation | Threat SnapShot
🔍 In this episode, we dive into CVE-2024-30051, a critical out-of-bounds write vulnerability in the Desktop Window Manager. This bug, similar to CVE-2023-36033, allows attackers to escalate privileges to SYSTEM by exploiting a heap overflow in dwmcore.dll.
CVE-2024-30051 has been actively exploited to deploy malware like Qakbot, as identified by Kaspersky. This video covers the process of hunting down a sample, executing it in a sandbox environment, and creating effective detections using logs from the exploit’s activity.
CVE-2024-30051 is a significant threat, but with the right detection strategies, we can mitigate its impact. Stay tuned to learn how to protect your systems!
SnapAttack Resources:
- https://blog.snapattack.com/hunting-cve-2024-30051-8de021f0cf77
- https://app.snapattack.com/collection/3c617e22-4009-4944-88fb-9f0c6deb6c65 - Collection: Hunting CVE-2024-30051: Desktop Window Manager Privilege Escalation | Threat SnapShot
- https://app.snapattack.com/threat/385546fd-6bec-88c4-cfee-004ba18d832f - Threat: Captured Threat
- https://app.snapattack.com/detection/d62b6f7f-104c-458f-9d20-0164f67edcc7 - Detection: Suspicious File Created by dwm.exe
- https://app.snapattack.com/detection/44eecf6f-cbb0-4035-aa62-6849a6a9a5c7 - Detection: Possible CVE-2024-30051 Exploitation
- https://app.snapattack.com/detection/8194b5d4-41ae-4ce7-adfb-92d375e341d2 - Detection: Suspicious Child of Consent.exe
References:
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36033
- https://securelist.com/cve-2024-30051/112618/
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30051
- https://www.virustotal.com/gui/file/9f18032a67c32929c43d1dbe29b7808b3bcec3159bfba337ee8cf8a79193d9fb/details
- https://www.virustotal.com/gui/file/8b61cadaeda4c14d7bd9e7990c6620e111809cd57ea0ea222063b0cff1f6c316/details