Last month, a large number of Windows enterprise and business PCs worldwide were hit by one of the biggest global computing outages of all time. It was caused by a faulty CrowdStrike Falcon content update for the sensor's IPC Template Type, and this month the cybersecurity firm released its final report on the incident. What it produced on affected machines was the infamous Blue Screen of Death (BSOD), an error screen that dates back to the first Windows NT release (version 3.1).
While the CrowdStrike BSOD outage was the result of a botched security update, cybersecurity firm Fortra has now disclosed a BSOD-triggering security flaw in a Windows driver itself, and fully updated Windows systems are affected by it.
The firm explains that Windows' CLFS.SYS driver, which implements the Common Log File System, is the root of the issue: improper validation of specified quantities in input data (CWE-1284) leads to a denial of service in the form of a BSOD. The issue is tracked as CVE-2024-6768. Fortra's Ricardo Narvaja writes:
CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, despite having all updates applied.
A Proof of Concept (PoC) shows that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash. The potential problems include system instability and denial of service, as malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.
The bright side is that this is a local attack: a threat actor has to be able to run code on the machine, as a logged-in user or through malware already present on it, in order to feed a crafted Base Log File (BLF) to the CLFS driver; it cannot be triggered remotely. The catch is that no special privileges are needed, so any standard user account on the box is enough. You can find the technical details about the Proof of Concept (PoC) on Fortra's website.
The flaw is similar to CVE-2023-36424, a local privilege escalation (LPE) bug in the same driver that Microsoft addressed with the November 2023 Patch Tuesday updates (KB5032189 for Windows 10 and KB5032190 for Windows 11).
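For administrators who want to know where a given host stands, here is an added triage script (it is not part of this article or of Fortra's write-up). It first checks whether the November 2023 CLFS fix is present, by looking for the two KB numbers above and, because later cumulative updates supersede them, by comparing the OS build against an assumed KB-to-build mapping that you should verify against the Microsoft Update Catalog. It then lists recent bugcheck records (System log Event ID 1001) and Kernel-Power unexpected-restart events (Event ID 41), since a burst of BSODs from one machine is the only footprint a local denial of service like this leaves behind. The day window and crash threshold are arbitrary defaults, and having the 2023 fix installed does not close CVE-2024-6768, which at the time of writing is unpatched.

```powershell
# Added example, not from the article or Fortra's advisory.
# 1) Is the Nov 2023 CLFS fix (KB5032189 / KB5032190, CVE-2023-36424) present?
# 2) Has this host been bugchecking repeatedly, as a local CLFS DoS would cause?
param(
    [int]$Days = 7,           # look-back window for crash events (arbitrary default)
    [int]$CrashThreshold = 3  # flag hosts with this many or more bugchecks in the window
)

# --- 1. Patch level for the related CVE-2023-36424 fix ----------------------------
# Assumed KB -> build mapping; verify against the Microsoft Update Catalog for your SKU.
$fixBuilds = @{
    '19044' = 3693   # Windows 10 21H2, KB5032189
    '19045' = 3693   # Windows 10 22H2, KB5032189
    '22621' = 2715   # Windows 11 22H2, KB5032190
    '22631' = 2715   # Windows 11 23H2, KB5032190
}

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [string]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR       # Update Build Revision, the part after the dot in e.g. 19045.3693

# Get-HotFix only sees updates still listed as QFEs, so this is the first of two checks.
$hotfix = Get-HotFix -Id 'KB5032189', 'KB5032190' -ErrorAction SilentlyContinue

if ($hotfix) {
    "Nov 2023 CLFS fix present as hotfix: $($hotfix.HotFixID -join ', ')"
} elseif ($fixBuilds.ContainsKey($build)) {
    if ($ubr -ge $fixBuilds[$build]) {
        "Build $build.$ubr is at or past the Nov 2023 fix level (a later cumulative update supersedes the KB)"
    } else {
        "WARNING: build $build.$ubr predates the Nov 2023 CLFS fix for this branch"
    }
} else {
    "Build $build.$ubr is not in the assumed mapping; check the Update Catalog manually"
}
"Note: this does not cover CVE-2024-6768, for which no fix is available yet."

# --- 2. Crash history: repeated bugchecks are the observable side of the DoS --------
$since = (Get-Date).AddDays(-$Days)

# Event 1001 from source BugCheck: "The computer has rebooted from a bugcheck. The bugcheck was: 0x..."
$bugchecks = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001; StartTime = $since } `
                 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'bugcheck' }
)
# Event 41 from Kernel-Power: the system restarted without a clean shutdown.
$powerLoss = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Power';
                                     Id = 41; StartTime = $since } -ErrorAction SilentlyContinue
)

"Bugcheck events in the last $Days days: $($bugchecks.Count)"
foreach ($e in $bugchecks) {
    # Pull the stop code out of the message text for a compact timeline.
    $code = if ($e.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { '?' }
    "  {0:u}  {1}" -f $e.TimeCreated, $code
}
"Kernel-Power 41 (unexpected restart) events: $($powerLoss.Count)"

if ($bugchecks.Count -ge $CrashThreshold) {
    "ALERT: $($bugchecks.Count) bugchecks in $Days days. A local user repeatedly triggering the CLFS crash would look like this;"
    "check which accounts were logged on before each crash and inspect the dumps under $env:SystemRoot\Minidump."
}
```

Run it in an elevated PowerShell session (reading the System log and the QFE list does not strictly need admin rights, but the minidump folder does). The stop code alone does not prove the CLFS bug was involved; it is the repetition pattern, combined with who was logged on at the time, that should trigger a closer look at the dump files.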
This security flaw report comes hot on the heels of another issue that we covered last week where a fully updated Windows PC can be tricked into downgrading permanently.