A vulnerability in the Windows Common Log File System (CLFS.sys) driver has been discovered recently and is referred to as CVE-2024-6768.
A recently found vulnerability, known as CVE-2024-6768, has been reported in the Windows Common Log File System (CLFS.sys) driver. Ricardo Narvaja, a cybersecurity researcher at Fortra, discovered the problem, which can let an unauthorized user bring down a system and trigger the Blue Screen of Death (BSOD).
Inadequate validation of input data has created a vulnerability that leaves the system in an unrecoverable condition.
Because the impacted CLFS.sys driver is essential to Windows 10 and Windows 11, all versions of these operating systems, including updated ones, are vulnerable.
The vulnerability makes it possible to crash the system by manipulating a value in a particular log file format, such as a .BLF file. The exploit works with minimal privileges, is simple to use, and doesn't require user input.
According to Narvaja, the vulnerability poses a serious risk because it can result in denial-of-service (DoS) attacks and system instability. An attacker could use it to crash the impacted systems repeatedly, perhaps resulting in data loss and interruptions to operations.
The researcher reported the vulnerability, documented how to reproduce the crash, and produced a Proof of Concept (PoC).
With a CVSS base score of 6.8, CVE-2024-6768 is categorized as having a medium severity level. The vulnerability has been classified as ‘Improper Validation of Specified Quantity in Input’ (CWE-1284) under the Common Weakness Enumeration (CWE).
Because it has low attack complexity and a local attack vector, meaning it must be executed on the system itself, even inexperienced attackers can exploit it.
The attack leverages a particular offset in the context structure of the CLFS client. When the PoC is run, it triggers the vulnerability and drives the system into an unrecoverable condition, which results in a call to the KeBugCheckEx function. This function is a fundamental Windows mechanism for handling critical errors.
This call produces the BSOD and forces the system to restart. Because of its ease of use and potential for repeated exploitation, the vulnerability is extremely important for businesses that use Windows computers.