Microsoft fixed 60 Windows CVEs including two exploited bugs: CVE-2024-30051 (7.8 CVSS) privilege elevation allowing system access, and CVE-2024-30040 (8.8 CVSS) security bypass in MSHTML.
The Qakbot banking Trojan exploits CVE-2024-30051, with multiple threat actors having access to it according to Kaspersky, highlighting the severity and impact of the vulnerability.
CVE-2024-30040 bypasses OLE mitigations in Microsoft 365 and Office, enabling attackers to execute code by tricking users into opening a malicious file, posing a significant security risk.
[
add
]
[
|
|
...
]