A New Microsoft Vulnerability Warning

Microsoft’s critical outage which was caused by the CrowdStrike faulty update last month brought both  public and private  sector networks around the world to a standstill. 

One  month later, another vulnerability has been discovered in Windows that can result in another blue screen of death (BSoD) error.  The vulnerability has been uncovered by cybersecurity software company Fortra.

Forta describes the vulnerability stating “A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.”

The vulnerability is officially catalogued as CVE-2024-6768 concerns the common log file system Windows driver. Improper validation of specified quantities in input data triggers KeBugCheckEx function, leading to the infamous BSoD error. It impacts all versions of Windows 10 and Windows 11, as well as Windows Server 2022.

Ricardo Narvaja, principal exploit writer at Fortra  said “The potential problems include system instability and denial of service” which “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.” 

Forta says that it first informed Microsoft about the vulnerability in December last year. However, the company last responded in February 2024 saying that ‘they still could not reproduce the issue and they were closing the case’.

Fortra    |    NIST   |   Times of India  |    Forbes   |     PacketStorm

Image: Ideogram

You Might Also Read: 

DDoS Attack Knocks Azure Offline:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Five Critical Security Benefits Of CIAM
Quantum Computing Security Could Solve The Data Sovereignty Challenge »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

National Cyber Directorate Israel

National Cyber Directorate Israel

The Israeli National Cyber Directorate provides incident handling services for civilian entities and critical infrastructures and works to increase national resilience against cyber threats.

Cienaga Systems

Cienaga Systems

Cienaga Systems is a leader in autonomous cyber threat hunting technology.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

Farsight Security

Farsight Security

Farsight Security provides the world’s largest real-time actionable threat intelligence on how the Internet is changing.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

Secure Blockchain Technologies (SBT)

Secure Blockchain Technologies (SBT)

SBT is a team of Enterprise IT Security Professionals weaving security and Blockchain Technology into our customer’s operational fabric.

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

Insight Enterprises

Insight Enterprises

Insight is a leading solutions integrator, helping you navigate today’s ever-changing business environment with teams of technical experts and decades of industry experience.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.

RedLattice

RedLattice

RedLattice are at the cutting edge of tool development and AI-assisted vulnerability research in cybersecurity.