The ultimate BSOD — this Windows driver security flaw could crash your whole system, and Microsoft is still yet to fix it


Cybersecurity researchers have found a new vulnerability in Windows that allows threat actors to completely brick devices and cause serious data loss.
In a newly published security advisory, experts from Fortra said they discovered an improper input data validation vulnerability in the Common Log File System (CLFS.sys) Windows driver. By creating a new value in a specific log file format (for example, .BLF file), crooks could force the system into the Blue Screen of Death (BSOD) crash.
Both Windows 10 and Windows 11 operating systems (all versions) are susceptible, and the vulnerability was said to be easy to execute, even with low privileges. Furthermore, it requires no interaction on the victim’s side.
Proof of Concept
The vulnerability is tracked as CVE-2024-6768, and carries a severity score of 6.8 (medium). Even though this score might indicate low disruptive potential, Fortra’s researchers said the flaw could render systems unstable, and even facilitate Denial of Service (DoS) attacks. Threat actors could use it to repeatedly crash vulnerable systems.
There is currently no evidence of the vulnerability being exploited in the wild. However, with Fortra releasing a Proof-of-Concept (PoC) together with the security advisory, it’s now just a matter of time before cybercriminals add it to their arsenal. Since the attack vector is local, crooks looking to abuse it need to run it on the system itself. However, it can be run with low privileges, making it available even for beginner attackers.
Fortra’s advisory also suggests that Microsoft is yet to address the issue. The company said that Redmond tried, on two occasions, to reproduce the issue, and since it failed (last time it tried was in late February 2024) it closed the case. That would also mean that even the latest versions of Windows (both Windows 10 and Windows 11) were vulnerable.
More from TechRadar Pro
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Cybersecurity researchers have found a new vulnerability in Windows that allows threat actors to completely brick devices and cause serious data loss. In a newly published security advisory, experts from Fortra said they discovered an improper input data validation vulnerability in the Common Log File System (CLFS.sys) Windows driver. By…
Recent Posts
- XO, Kitty season 3: everything we know so far about the hit show’s return to Netflix
- This surprisingly simple way to hide hardware security keys in mainstream flash memory could pave the way for ultra-secure storage very soon
- Quordle hints and answers for Sunday, July 6 (game #1259)
- NYT Connections hints and answers for Sunday, July 6 (game #756)
- NYT Strands hints and answers for Sunday, July 6 (game #490)
Archives
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022