Last month, the tech world was rocked by Microsoft’s infamous Blue Screen of Death (BSoD) error, triggered by a faulty update from cybersecurity firm CrowdStrike. Just as the dust began to settle, another vulnerability has emerged, this time identified by Fortra, a cybersecurity software company.
What is the new vulnerability in Microsoft Windows?
Fortra has detailed a significant vulnerability affecting Microsoft Windows, specifically a Denial of Service issue found in the CLFS.sys component. This flaw impacts a range of systems, including Windows 10, Windows 11, and various versions of Windows Server (2016, 2019, and 2022). The vulnerability allows a malicious, authenticated low-privilege user to induce a BSoD through a forced call to the KeBugCheckEx function.
Cataloged as CVE-2024-6768, the vulnerability lies in the Common Log File System driver (CLFS.sys) in Windows. It arises from improper validation of quantities specified in input data, a flaw that can lead to the notorious BSoD error. The implications are broad, affecting all versions of Windows 10 and Windows 11, along with Windows Server 2022.
Ricardo Narvaja, principal exploit writer at Fortra and author of the vulnerability report, highlighted the potential risks: “The potential problems include system instability and denial of service,” he noted. He further emphasized that “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
Fortra first reported the vulnerability to Microsoft in December of the previous year. Microsoft responded in February 2024, stating that it was unable to reproduce the issue, and subsequently closed the case. This ongoing dialogue underscores the critical nature of cybersecurity in maintaining system integrity and operational continuity.