New CTI Lab: CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege) – Defensive
Today we have released a brand new lab on CVE-2024-30051 and how to identify it within your SIEM.
CVE-2024-30051 is a zero-day vulnerability discovered in the Windows Desktop Window Manager (DWM) Core Library. It was patched as part of Microsoft's Patch Tuesday releases, and has been observed in use by threat actors and malware, particularly QakBot, from May 2024 to as recently as September 2024.
Why have we created this content?
Although this vulnerability was reported in May 2024 and patched quickly, exploitation by large malicious threat actors is still being seen. This privilege escalation exploit can be simple for defensive teams to spot. Additionally, a Proof of Concept (PoC) that explains this vulnerability in great detail has recently been released, months after the patch. It comes with the hypothesis that there will be an uptick in exploitation, as is often the case when detailed PoCs are released for vulnerabilities.
What are we publishing?
All customers on a CyberPro License have immediate access to this new lab.
Who is this content for?
These labs are focused on upskilling and increasing the defensive capabilities of the following roles:
- SOC Analysts
- Incident Responders
- Threat Hunters
- Malware Analysts