Last month, large numbers of business and professional PCs running Windows 11 and Windows 10 around the world faced one of the largest global computer outages of all time.
This was the result of a faulty IPC template in CrowdStrike Falcon, and this month the cybersecurity firm released its final report on the incident. The outage brought back the infamous Blue Screens of Death (BSOD), which have their roots in the early days of the very first Windows NT (to give you an idea, they go back to Windows 3.1).
Windows 11 and Windows 10: Unfortunately, a new flaw has arrived
While the BSOD outage caused by CrowdStrike was the consequence of a failed security update, a new security vulnerability that causes a BSOD has been discovered in a Windows driver by cybersecurity firm Fortra, and fully updated Windows systems are affected by it.
While Windows 11 and Windows 10 updates are usually a “necessary step”, in some cases it is better to hear what the manufacturer (Microsoft, in this case) has to say before proceeding: this is one of those cases.
While the CrowdStrike disaster has been technically resolved, in some cases it continues to cause indirect damage to Windows and Red Hat Linux systems. On Linux and macOS, the equivalent of the Windows 11 and Windows 10 blue screen is called a “Kernel Panic”, but that’s another story.
Experts Speak Out on Windows 11 and Windows 10 System Files
The company says that the Windows CLFS.SYS driver, responsible for managing the Common Log File System (CLFS), is at the root of the issue, which is triggered by improper validation of quantities specified in input data (CWE-1284), resulting in a denial of service through a BSOD. The issue is tracked as “CVE-2024-6768.” Fortra’s Ricardo Narvaja writes:
CVE-2024-6768 is a vulnerability in the Windows Common Log File System (CLFS.sys) driver, caused by improper validation of quantities specified in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, even if all updates have been applied.
A proof of concept (PoC) demonstrates that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash. Potential issues include system instability and denial of service, as attackers can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.
On the plus side, this is a local attack, so a cybercriminal attempting to manipulate the CLFS base log file (BLF) would need physical access to the system. The technical details of the proof of concept (PoC) are available on Fortra’s website.
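As an added example (not code from the article or from Fortra), here is a defender-side check for the denial-of-service pattern described above: it looks at crash records a host's own post-mortem tooling already produces and flags any machine that shows several bugchecks attributed to clfs.sys within a short window. The record layout, host names and timestamps are constructed for this example.

```python
"""Flag hosts that are being repeatedly crashed through the CLFS driver.

This does not touch .BLF files at all. It consumes crash records (host, time,
faulting kernel module) that crash-dump triage has already produced and raises
an alert when one host accumulates several clfs.sys bugchecks in a short span,
which is the "repeatedly crash affected systems" behaviour the article warns of.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (host, UTC timestamp, faulting module).
# These are invented for the example, not real telemetry.
SAMPLE_CRASHES = [
    ("ws-0412", "2024-08-20T09:02:11Z", "clfs.sys"),
    ("ws-0412", "2024-08-20T09:31:47Z", "clfs.sys"),
    ("ws-0412", "2024-08-20T10:05:03Z", "clfs.sys"),
    ("ws-0099", "2024-08-20T11:12:00Z", "nvlddmkm.sys"),
    ("ws-0777", "2024-08-19T08:00:00Z", "clfs.sys"),
    ("ws-0777", "2024-08-21T08:00:00Z", "clfs.sys"),
]


def parse_time(stamp: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the constructed records."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def repeated_clfs_crashes(records, window_hours: float = 2.0, threshold: int = 3):
    """Return {host: count} for every host with at least `threshold` clfs.sys
    bugchecks falling inside some span of `window_hours` (sliding window)."""
    window = timedelta(hours=window_hours)
    per_host = defaultdict(list)
    for host, stamp, module in records:
        if module.lower() == "clfs.sys":
            per_host[host].append(parse_time(stamp))
    flagged = {}
    for host, times in per_host.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            # Advance the window start until the span fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[host] = best
    return flagged


if __name__ == "__main__":
    print(repeated_clfs_crashes(SAMPLE_CRASHES))  # {'ws-0412': 3}
```

A single clfs.sys crash is not evidence of anything; the signal is the repetition from one host, which is why only ws-0412 is flagged and the two crashes two days apart on ws-0777 are not.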
Other similar flaws
The flaw is similar to CVE-2023-36424, a local elevation of privilege (LPE) issue that Microsoft addressed last year with the November 2023 Patch Tuesday updates (KB5032189 for Windows 10 and KB5032190 for Windows 11).
This security vulnerability report comes hot on the heels of another issue we covered last week, in which a fully updated Windows PC can be tricked into performing a permanent downgrade.
Windows 11 and Windows 10 users, should they be worried?
If you use company computers with CrowdStrike products, then you should be careful and follow “computer etiquette” rules and the usual precautions.
Private users who do not normally use these programs have absolutely nothing to fear.