Cybersecurity researchers have found a new vulnerability in Windows that allows threat actors to completely brick devices and cause serious data loss.
In a newly published security advisory, experts from Fortra said they discovered an improper input data validation vulnerability in the Common Log File System (CLFS.sys) Windows driver. By creating a new value in a specific log file format (for example, .BLF file), crooks could force the system into the Blue Screen of Death (BSOD) crash.
Both Windows 10 and Windows 11 operating systems (all versions) are susceptible, and the vulnerability was said to be easy to execute, even with low privileges. Furthermore, it requires no interaction on the victim’s side.
Proof of Concept
The vulnerability is tracked as CVE-2024-6768, and carries a severity score of 6.8 (medium). Even though this score might indicate low disruptive potential, Fortra’s researchers said the flaw could render systems unstable, and even facilitate Denial of Service (DoS) attacks. Threat actors could use it to repeatedly crash vulnerable systems.
There is currently no evidence of the vulnerability being exploited in the wild. However, with Fortra releasing a Proof-of-Concept (PoC) together with the security advisory, it’s now just a matter of time before cybercriminals add it to their arsenal. Since the attack vector is local, crooks looking to abuse it need to run it on the system itself. However, it can be run with low privileges, making it available even for beginner attackers.
Fortra’s advisory also suggests that Microsoft is yet to address the issue. The company said that Redmond tried, on two occasions, to reproduce the issue, and since it failed (last time it tried was in late February 2024) it closed the case. That would also mean that even the latest versions of Windows (both Windows 10 and Windows 11) were vulnerable.
More from TechRadar Pro
- One of Microsoft’s biggest Windows 11 updates yet brought a massive number of security flaw fixes
- Here's a list of the best malware removal tools around today
- These are the best endpoint security tools right now