The ultimate BSOD — this Windows driver security flaw could crash your whole system, and Microsoft is still yet to fix it
Cybersecurity researchers have found a new vulnerability in Windows that allows threat actors to completely brick devices and cause serious data loss.
In a newly published security advisory, experts from Fortra said they discovered an improper input data validation vulnerability in the Common Log File System (CLFS.sys) Windows driver. By creating a new value in a specific log file format (for example, .BLF file), crooks could force the system into the Blue Screen of Death (BSOD) crash.
Both Windows 10 and Windows 11 operating systems (all versions) are susceptible, and the vulnerability was said to be easy to execute, even with low privileges. Furthermore, it requires no interaction on the victim’s side.
Proof of Concept
The vulnerability is tracked as CVE-2024-6768, and carries a severity score of 6.8 (medium). Even though this score might indicate low disruptive potential, Fortra’s researchers said the flaw could render systems unstable, and even facilitate Denial of Service (DoS) attacks. Threat actors could use it to repeatedly crash vulnerable systems.
There is currently no evidence of the vulnerability being exploited in the wild. However, with Fortra releasing a Proof-of-Concept (PoC) together with the security advisory, it’s now just a matter of time before cybercriminals add it to their arsenal. Since the attack vector is local, crooks looking to abuse it need to run it on the system itself. However, it can be run with low privileges, making it available even for beginner attackers.
Fortra’s advisory also suggests that Microsoft is yet to address the issue. The company said that Redmond tried, on two occasions, to reproduce the issue, and since it failed (last time it tried was in late February 2024) it closed the case. That would also mean that even the latest versions of Windows (both Windows 10 and Windows 11) were vulnerable.
More from TechRadar Pro
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Cybersecurity researchers have found a new vulnerability in Windows that allows threat actors to completely brick devices and cause serious data loss. In a newly published security advisory, experts from Fortra said they discovered an improper input data validation vulnerability in the Common Log File System (CLFS.sys) Windows driver. By…
Recent Posts
- Microsoft risks annoying Windows 10 users by testing yet more adverts in the Start menu
- SpaceX’s Polaris Dawn completed the first private spacewalk
- Gallup blocks security flaw which could have led to fake polling data
- How Useful Will Apple Intelligence Be? The Next iPhone Will Tell Us
- GM and EVgo plan more ‘flagship’ EV charging locations that look like gas stations
Archives
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- December 2011