New Windows vulnerability could lead to BSOD error similar to Microsoft-CrowdStrike outage: Report
A new report has warned of a vulnerability in all versions of Windows 10 and 11 that could cause a Blue Screen of Death (BSOD) error.
Cybersecurity company Fortra LLC discovered the vulnerability in the Common Log File System (CLFS) driver of Windows. It was caused by an improper validation of specified quantities in input data, meaning the system failed to correctly check the values entered by the user.
The vulnerability could then allow a malicious authenticated user to trigger the error through a forced call to the KeBugCheckEx function, leading to system instability and denial of service (DoS).
A researcher at Fortra, Ricardo Narvaja, demonstrated how the vulnerability could be exploited via a proof-of-concept (PoC). Narvaja was able to craft specific values within a .BLF file, a format usually used by the Windows common log file system.
Although the vulnerability has been assigned a severity rating of only 6.8-Medium on the Common Vulnerabilities and Exposures benchmark, there is some chance that hackers could target it.
The vulnerability is tracked as CVE-2024-6768, and there are no known mitigations or patches available yet.
This comes weeks after a buggy update in CrowdStrike led to widespread BSODs across industries globally.