Cybersecurity firm Fortra has discovered a new security flaw in a Windows driver that is causing the infamous BSOD (Blue Screen of Death) on fully updated Windows PCs.
The vulnerability, tracked as CVE-2024-6768, is a denial of service (DoS) in the Common Log File System (CLFS.sys) driver of Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022, which allows a malicious authenticated low-privilege user to cause a BSOD via a forced call to the KeBugCheckEx function.
The flaw exists due to improper validation of a specified quantity in input (CWE-1284), leading to an unrecoverable inconsistency in the CLFS.sys driver.
The CVE-2024-6768 vulnerability affects the abovementioned versions of Windows regardless of whether they have been updated with all security patches to date.
“The potential problems include system instability and denial of service,” Ricardo Narvaja, principal exploit writer with cybersecurity firm Fortra and the author of the report, said, “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
A proof of concept (PoC) designed by Narvaja revealed that by crafting values in a specific log file format, such as a .BLF file, could allow an unprivileged user to exploit the target system and force it to crash without any user interaction.
Narvaja said the vulnerability poses a significant risk as it could cause issues such as system instability and DoS attacks. Threat users could exploit this flaw to repeatedly crash affected systems, resulting in potential data loss and disruption to operations.
“In the last two research endeavors on Common Log File System (CLFS), I was able to achieve remote code execution in both cases,” he wrote in the report. “However, when I modified some values in the PoC I was working on, I observed that it triggered a BSoD on the target system.”
Narvaja first reported the vulnerability to Microsoft on December 20, 2023, along with PoC but the company became unresponsive in February 2024, Tyler Reguly, Fortra’s associate director of security research and development told Forbes, adding that Microsoft stated that their engineers could not reproduce the vulnerability and closed the case without acknowledging it as a flaw or applying a fix.
Currently, there is no workaround or mitigation to fix the CVE-2024-6768 vulnerability. This flaw is a medium severity security flaw rated a 6.8 on the CVSS, which means there are chances that hackers and other malicious actors could target this flaw to cause disruption in the Windows system process.
Meanwhile, Narvaja recommended that researchers and professionals keep their systems up to date and check for unusual activity to reduce the risk of exploitation.