New Windows vulnerability could repeatedly trigger the blue screen of death on millions of devices
Attackers could exploit the Windows vulnerability to repeatedly crash machines and trigger a blue screen of death, according to researchers at Fortra


A new Windows vulnerability could be exploited by attackers to generate an unrecoverable inconsistency and repeatedly crash affected systems, researchers have warned.
Ricardo Narvaja, principal exploit writer at cybersecurity and automation software company Fortra, uncovered a vulnerability in the common log file system (CLFS.sys) driver of Windows.
Disclosed by Fortra on 12 August, CVE-2024-6768 is said to have been caused by improper validation of specified quantities in input data, leading to an unrecoverable inconsistency, which triggers the KeBugCheckEx function, resulting in the infamous blue screen of death.
A proof of concept (PoC) developed by Narvaja revealed that by crafting specific values within a .BLF file, the format of log files used by the Windows common log file system t, an unprivileged user could cause the target system to crash.
Despite only requiring low level account privileges and being listed as having a low attack complexity, CVE-2024-6768 is a medium severity security flaw rated a 6.8 on the CVSS, possibly due to a potential attacker requiring a local access in order to exploit it.
CVE-2024-6768 gives attackers “another tool in their post-compromise toolkit”
Tyler Reguly, associate director of security R&D at Fortra, told ITPro that due to fact the attacker would already need access to the system to exploit it, this flaw is not the most dangerous to emerge recently,
“To classify this vulnerability as dangerous would be a mistake. Not every vulnerability is world ending, but it is important that we still think about them and understand them. In this case, the attack vectors are limited as are the real-world use cases,” he explained.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“Since the attacker must have access to the system, we’re talking about an insider attack or someone who has already compromised your network, which means there’s a bigger risk that already exists. Next, we’re talking about crashing a system. There’s no code execution or privilege escalation associated with this; it is a straightforward denial of service.
Reguly warned, however, that CVE-2024-6768 would be a handy addition to a hacker’s post-compromise toolkit.
“Where the risk comes in is if someone wants to disrupt a multi-user environment or reboot a system where they don’t yet have increased privileges.,” he noted.
RELATED WHITEPAPER
“This vulnerability doesn’t give an attacker the keys to the kingdom. Instead, it gives them another tool in their post-compromise toolkit – a self-recovering denial of service that essentially lets you reboot a system without permission to do so.”
Fortra’s blog warned the issue affects all versions of Windows, up to and including the latest versions of both Windows 10 and 11 with all updates applied.
Narvaja has made the functional PoC with sources as well as the crafted .BLF file available on Fortra’s GitHub for those looking to learn more about the vulnerability.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Intune flaw pushed Windows 11 upgrades on blocked devices
News Microsoft is working on a solution after Intune upgraded devices contrary to policies
By Nicole Kobie
-
Dragging your feet on Windows 11 migration? Rising infostealer threats might change that
News With the clock ticking down to the Windows 10 end of life deadline in October, organizations are dragging their feet on Windows 11 migration – and leaving their devices vulnerable as a result.
By Emma Woollacott
-
Microsoft justifies 365 price increases after MP concerns
News Microsoft’s UK VP of external affairs has defended the tech giant's price increases
By George Fitzmaurice
-
Microsoft is ending support for the Remote Desktop app – here are three alternatives you can try instead
News Microsoft has announced plans to end support for its Remote Desktop application in just over two months.
By George Fitzmaurice
-
GitHub just launched a new free tier for its Copilot coding assistant – but only for a select group of developers
News Limited access to GitHub Copilot in VS Code is now available free of charge
By Nicole Kobie
-
Recall arrives for Intel and AMD devices after months of controversy
News Microsoft's Recall feature is now available in preview for customers using AMD and Intel devices.
By Nicole Kobie
-
Everything you need to know about the Microsoft outage
News After a day of chaos, the worst of the Microsoft outage appears to have passed, but some problems still remain
By Emma Woollacott
-
With one year to go until Windows 10 end of life, here’s what businesses should do to prepare
News IT teams need to migrate soon or risk a plethora of security and sustainability issues
By George Fitzmaurice