CVE-2024-30051

May 14, 2024, 7:17 p.m.

7.8
High

Description

Windows DWM Core Library Elevation of Privilege Vulnerability

Product(s) Impacted

Product Versions
Windows DWM Core Library

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051

Tags

CWE-122
2024-05-14
secure@microsoft.com
CVE-2024-30051

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: May 14, 2024, 5:17 p.m.
Last Modified: May 14, 2024, 7:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@microsoft.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-30051 using threat intelligence.

  • Trojan-Ransom.VBS.BitLock.gen
  • Trojan.VBS.SAgent.gen
  • Trojan.Win32.Generic

Linked Attack Reports

New ransomware group abusing BitLocker

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…
ransomware
exfiltration
encryption
2024-05-23
bitlocker
trojan-ransom.vbs.bitlock.gen
trojan.vbs.sagent.gen
trojan.win32.generic
partitions
Published: May 23, 2024
Linked vulnerabilities : CVE-2024-30051 (CVSS 7.8)
Downloadable IOCs: 6

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.