New Windows vulnerability could lead to BSOD error similar to Microsoft-CrowdStrike outage: Report

The vulnerability could allow a malicious authenticated user to trigger the error through a forced call to the KeBugCheckEx function, which would lead to system instability and denial-of-service (DoS) attacks

Updated - August 14, 2024 12:52 pm IST

Published - August 14, 2024 12:14 pm IST


FILE PHOTO: A new report has warned against a vulnerability found in all versions of Windows 10 and 11, which could potentially cause a BSOD error. | Photo Credit: AP

A new report has warned against a vulnerability found in all versions of Windows 10 and 11, which could potentially cause a Blue Screen of Death (BSOD) error.

Cybersecurity company Fortra LLC discovered the vulnerability in the Common Log File System (CLFS) driver of Windows. It was caused by an improper validation of specified quantities in input data, meaning the system failed to correctly check the values entered by the user.

The vulnerability could then allow a malicious authenticated user to trigger the error through a forced call to the KeBugCheckEx function, which would lead to system instability and denial-of-service (DoS) attacks.

A researcher at Fortra, Ricardo Narvaja, demonstrated how the vulnerability could be exploited via a proof-of-concept (PoC). Narvaja was able to craft specific values within a .BLF file, a format usually used by the Windows Common Log File System.


Although the vulnerability has been assigned a severity rating of only 6.8-Medium on the Common Vulnerabilities and Exposures benchmark, there is some chance that hackers could target it.

The vulnerability is tracked as CVE-2024-6768, and there are no known mitigations or patches available yet.

This comes weeks after a buggy update in CrowdStrike led to widespread BSODs across industries globally.
