Saturday, November 23, 2024

CLFS Vulnerability Let Hackers Trigger BSOD Error On All Versions Of Windows 10 & 11

Must read

A newly discovered vulnerability in the Common Log File System (CLFS.sys) driver of Windows has been identified, potentially affecting millions of devices running Windows 10, Windows 11, and various Windows Server versions.

Tracked as CVE-2024-6768, this vulnerability allows a malicious authenticated low-privilege user to trigger a Blue Screen of Death (BSOD) through a forced call to the KeBugCheckEx function, leading to system instability and denial of service (DoS) attacks.

The flaw is attributed to improper validation of specified quantities in input data, categorized under CWE-1284. This vulnerability can cause an unrecoverable system state, making it possible for an attacker to repeatedly crash affected systems, potentially causing data loss and operational disruptions.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

Ricardo Narvaja, a researcher at Fortra, demonstrated the vulnerability through a proof of concept (PoC) that exploits specific values within a .BLF file, a format used by the Windows common log file system.

BSOD Error (Source: FORTRA)

This PoC shows that an unprivileged user can induce a system crash without requiring user interaction, highlighting the vulnerability’s low attack complexity.

Despite the medium severity rating of 6.8 on the Common Vulnerability Scoring System (CVSS), the vulnerability poses a significant risk due to its potential for repeated exploitation. The attack vector is local, meaning it must be executed on the system itself, which somewhat limits the scope of potential attacks.

This discovery follows a recent significant issue involving CrowdStrike, where a buggy security update led to widespread BSODs across enterprise and business PCs.

The CrowdStrike issue was linked to a faulty IPC Template Type in their Falcon software, which caused similar system crashes. These incidents underscore the critical nature of maintaining robust security measures and monitoring systems for unusual activities to mitigate such vulnerabilities.

Currently, there are no known mitigations or patches available for CVE-2024-6768. The vulnerability, affecting the CLFS.sys driver in Windows 10, Windows 11, and several Windows Server versions allows a low-privilege user to cause a Blue Screen of Death (BSOD) through improper input validation. 

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces

Latest article