Windows 11/10 system driver has BSOD-triggering CVE-2024-6768 flaw on fully updated PCs

Last month, a large number of Windows enterprise and business PCs worldwide were hit by one of the biggest global computing outages of all time. It was the consequence of a buggy CrowdStrike Falcon IPC Template Type, and this month the cybersecurity firm released its final report about the issue. The result was the infamous Blue Screen of Death (BSOD), which has its roots in the first Windows NT (version 3.1) days.

While the CrowdStrike BSOD outage was a consequence of a botched security update, a new BSOD-triggering security flaw has been discovered in a Windows driver by cybersecurity firm Fortra, and fully updated Windows systems are affected by this vulnerability.

The firm explains that the Windows CLFS.SYS driver, responsible for handling the Common Log File System, is the root of the issue, which is triggered by improper validation (CWE-1284) and leads to a denial-of-service BSOD. The issue is being tracked under ID "CVE-2024-6768." Fortra's Ricardo Narvaja writes:

CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, despite having all updates applied.

A Proof of Concept (PoC) shows that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash. The potential problems include system instability and denial of service, as malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.

The bright side is that this is a local attack, so a threat actor trying to manipulate the CLFS Base Log File (BLF) would need physical access to your system. You can find the technical details about the Proof of Concept (PoC) on Fortra's website.

The flaw is similar to CVE-2023-36424 LPE (local privilege escalation) which Microsoft addressed last year with the November 2023 Patch Tuesday updates (KB5032189 for Windows 10 and KB5032190 for Windows 11).

This security flaw report comes hot on the heels of another issue that we covered last week where a fully updated Windows PC can be tricked into downgrading permanently.
