Microsoft Windows DWM Zero-Day Poised for Mass Exploit

Microsoft's May Patch Tuesday update revealed a critical zero-day vulnerability, CVE-2024-30051, that is already being exploited by QakBot actors. This Windows DWM Core Library elevation of privilege flaw allows local attackers to gain system-level access, leading to potential full system takeovers. With a CVSS score of 7.2, it's essential for administrators to prioritize patching this vulnerability immediately. Alongside CVE-2024-30051, the update includes other significant vulnerabilities, such as CVE-2024-30040 in the MSHTML platform, and CVE-2024-30043 in SharePoint Server. Prompt action is crucial to safeguard systems against these emerging threats.