A New Microsoft Vulnerability Warning
Microsoft’s critical outage, which was caused by the faulty CrowdStrike update last month, brought both public and private sector networks around the world to a standstill.
One month later, another vulnerability has been discovered in Windows that can result in another blue screen of death (BSoD) error. The vulnerability has been uncovered by cybersecurity software company Fortra.
Fortra describes the vulnerability, stating: “A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.”
The vulnerability, officially catalogued as CVE-2024-6768, concerns the Windows Common Log File System driver. Improper validation of specified quantities in input data triggers the KeBugCheckEx function, leading to the infamous BSoD error. It impacts all versions of Windows 10 and Windows 11, as well as Windows Server 2022.
Ricardo Narvaja, principal exploit writer at Fortra, said “The potential problems include system instability and denial of service” and that “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
Fortra says that it first informed Microsoft about the vulnerability in December last year. However, Microsoft last responded in February 2024, saying that ‘they still could not reproduce the issue and they were closing the case’.
Fortra | NIST | Times of India | Forbes | PacketStorm