In the wake of a recent CrowdStrike update fiasco that left millions of Windows machines ensnared in a blue screen of death loop, a new vulnerability has emerged, raising fresh concerns among users and IT professionals alike. According to an August 12 report from cybersecurity firm Fortra, a newly identified flaw in Windows could once again lead to the dreaded blue screen of death, affecting all versions of Windows 10 and Windows 11, regardless of whether the latest security updates have been applied.
CVE-2024-6768 Explained
The vulnerability, designated as CVE-2024-6768, pertains to the common log file system Windows driver. It arises from improper validation of input data quantities, which triggers a function known as KeBugCheckEx, resulting in the infamous blue screen of death. This scenario is particularly unsettling for Windows users, who have recently experienced similar issues stemming from the CrowdStrike incident. Although the potential consequences of an exploit are significant and do not require user interaction, the local nature of the attack vector has led to a medium-risk classification for this vulnerability.
Which Versions Of Windows Are Affected By CVE-2024-6768?
CVE-2024-6768 poses a threat to all iterations of Windows 10 and Windows 11, as well as Windows Server 2022. The vulnerability allows a user with no privileges to induce a system crash by utilizing a specially crafted file, even if the system is fully updated with the latest security patches.
Ricardo Narvaja, principal exploit writer at Fortra and author of the report, emphasized the implications of this vulnerability: “The potential problems include system instability and denial of service. Malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
The Windows Blue Screen Of Death CVE-2024-6768 Research Timeline
Tyler Reguly, Fortra’s associate director of security research and development, shared insights into the timeline of this vulnerability. Microsoft was first alerted to the issue in December 2023, but by February 2024, the company had become unresponsive, claiming it could not reproduce the vulnerability. This assertion stood in stark contrast to Fortra's ability to replicate the results across multiple systems, both virtual and physical. Reguly noted that no workaround or mitigation has been identified, and expressed skepticism about the likelihood of a fix from Microsoft. The publication of the vulnerability report aims to prompt Microsoft to acknowledge the exploitability of the issue and consider a resolution.
The Research Timeline In Full
- December 20, 2023 – Reported to Microsoft with a Proof-of-Concept exploit.
- January 8, 2024 – Microsoft responded that its engineers could not reproduce the vulnerability.
- January 12, 2024 – Fortra provided a screenshot showing a version of Windows running the January Patch Tuesday updates and a memory dump of the crash.
- February 21, 2024 – Microsoft replied that it still could not reproduce the issue and so was closing the case.
- February 28, 2024 – Fortra reproduced the issue again with the February Patch Tuesday updates installed and provided additional evidence, including a video of the crash condition.
- June 19, 2024 – Fortra followed up to say that it intended to pursue a CVE and publish the research.
