New Windows vulnerability could repeatedly trigger the blue screen of death on millions of devices
Attackers could exploit the Windows vulnerability to repeatedly crash machines and trigger a blue screen of death, according to researchers at Fortra


A new Windows vulnerability could be exploited by attackers to generate an unrecoverable inconsistency and repeatedly crash affected systems, researchers have warned.
Ricardo Narvaja, principal exploit writer at cybersecurity and automation software company Fortra, uncovered a vulnerability in the Windows Common Log File System driver (CLFS.sys).
Disclosed by Fortra on 12 August, CVE-2024-6768 is said to have been caused by improper validation of specified quantities in input data, leading to an unrecoverable inconsistency, which triggers the KeBugCheckEx function, resulting in the infamous blue screen of death.
A proof of concept (PoC) developed by Narvaja showed that by crafting specific values within a .BLF file, the log file format used by the Windows Common Log File System, an unprivileged user could cause the target system to crash.
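The bug class described above (a quantity declared in the input data that the parser trusts without checking it against what is actually present) is illustrated by the added C example below. It is not Fortra's PoC and not CLFS code: the log layout, the `LOG_MAGIC` marker, the struct and every function name are hypothetical, constructed for this page. It shows a naive parser beside a hardened one on the same crafted image. The one thing it cannot reproduce in user mode is the consequence: the naive parser's in-loop bounds test is a stand-in for the page fault that, inside a kernel driver, has no recoverable path and ends in KeBugCheckEx.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified log layout for illustration only. It is NOT the
 * real CLFS .BLF structure: a header declares how many fixed-size records
 * follow it, and that declared quantity comes straight from the file. */
#define LOG_MAGIC    0x21464C42u   /* arbitrary marker, hypothetical */
#define RECORD_SIZE  16u

typedef struct {
    uint32_t magic;
    uint32_t record_count;         /* attacker-controlled quantity */
} log_header_t;

enum parse_status {
    PARSE_OK        = 0,
    PARSE_BAD_MAGIC = 1,
    PARSE_TRUNCATED = 2,           /* declared count exceeds the data present */
    PARSE_FAULT     = 3            /* naive parser would read past the buffer */
};

/* Naive parser: trusts record_count. The bounds test inside the loop is not
 * something a vulnerable driver has; it stands in for the page fault that, in
 * kernel mode, ends in KeBugCheckEx instead of a recoverable error. */
enum parse_status parse_log_naive(const uint8_t *buf, size_t len, uint32_t *checksum)
{
    log_header_t hdr;
    if (len < sizeof hdr) return PARSE_TRUNCATED;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.magic != LOG_MAGIC) return PARSE_BAD_MAGIC;

    uint32_t sum = 0;
    size_t off = sizeof hdr;
    for (uint32_t i = 0; i < hdr.record_count; i++) {
        if (off + RECORD_SIZE > len)
            return PARSE_FAULT;    /* real driver: unhandled fault, bug check */
        for (size_t b = 0; b < RECORD_SIZE; b++)
            sum += buf[off + b];
        off += RECORD_SIZE;
    }
    *checksum = sum;
    return PARSE_OK;
}

/* Hardened parser: checks the declared quantity against the bytes actually
 * supplied before touching a single record. Dividing the available space
 * instead of multiplying the count avoids an integer overflow in the check. */
enum parse_status parse_log_checked(const uint8_t *buf, size_t len, uint32_t *checksum)
{
    log_header_t hdr;
    if (len < sizeof hdr) return PARSE_TRUNCATED;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.magic != LOG_MAGIC) return PARSE_BAD_MAGIC;

    size_t records_present = (len - sizeof hdr) / RECORD_SIZE;
    if (hdr.record_count > records_present) return PARSE_TRUNCATED;

    return parse_log_naive(buf, len, checksum);   /* now known to be in bounds */
}

/* Build a constructed log image: 'declared' is written into the header and
 * 'actual' records of 0x01 bytes are appended. Returns the image length. */
size_t build_log(uint8_t *out, size_t cap, uint32_t declared, uint32_t actual)
{
    log_header_t hdr = { LOG_MAGIC, declared };
    size_t total = sizeof hdr + (size_t)actual * RECORD_SIZE;
    if (total > cap) return 0;
    memcpy(out, &hdr, sizeof hdr);
    memset(out + sizeof hdr, 0x01, (size_t)actual * RECORD_SIZE);
    return total;
}

/* Feed a crafted image (huge declared count, two real records) to both
 * parsers. Returns 1 when the naive one faults and the checked one rejects. */
int crafted_count_is_rejected(void)
{
    uint8_t img[128];
    uint32_t cs = 0;
    size_t n = build_log(img, sizeof img, 0xFFFFFFFFu, 2);
    return n != 0
        && parse_log_naive(img, n, &cs) == PARSE_FAULT
        && parse_log_checked(img, n, &cs) == PARSE_TRUNCATED;
}

int main(void)
{
    uint8_t img[128];
    uint32_t cs = 0;
    size_t n = build_log(img, sizeof img, 4, 4);
    printf("well-formed: naive=%d checked=%d checksum=%u\n",
           parse_log_naive(img, n, &cs), parse_log_checked(img, n, &cs), cs);
    printf("crafted count rejected: %d\n", crafted_count_is_rejected());
    return 0;
}
```

The check worth copying is the one in `parse_log_checked`: compare the declared count against the space that is actually there, computed by division, before any record is dereferenced. The caveat is the fault path. A user-mode parser with the same flaw kills only its own process; the same unchecked read inside a kernel driver such as CLFS.sys is handled by the kernel's fault path and becomes a bug check, which is what turns a file-format bug into a system-wide denial of service.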
Despite requiring only low account privileges and being listed as having low attack complexity, CVE-2024-6768 is rated a medium-severity flaw with a CVSS score of 6.8, most likely because an attacker needs local access to the machine in order to exploit it.
CVE-2024-6768 gives attackers “another tool in their post-compromise toolkit”
Tyler Reguly, associate director of security R&D at Fortra, told ITPro that because an attacker would already need access to the system to exploit it, this flaw is not the most dangerous to emerge recently.
“To classify this vulnerability as dangerous would be a mistake. Not every vulnerability is world ending, but it is important that we still think about them and understand them. In this case, the attack vectors are limited as are the real-world use cases,” he explained.
“Since the attacker must have access to the system, we’re talking about an insider attack or someone who has already compromised your network, which means there’s a bigger risk that already exists. Next, we’re talking about crashing a system. There’s no code execution or privilege escalation associated with this; it is a straightforward denial of service.”
Reguly warned, however, that CVE-2024-6768 would be a handy addition to a hacker’s post-compromise toolkit.
“Where the risk comes in is if someone wants to disrupt a multi-user environment or reboot a system where they don’t yet have increased privileges,” he noted.
“This vulnerability doesn’t give an attacker the keys to the kingdom. Instead, it gives them another tool in their post-compromise toolkit – a self-recovering denial of service that essentially lets you reboot a system without permission to do so.”
Fortra’s blog warned that the issue affects all versions of Windows, up to and including fully patched current releases of both Windows 10 and Windows 11.
Narvaja has made the functional PoC with sources as well as the crafted .BLF file available on Fortra’s GitHub for those looking to learn more about the vulnerability.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.