A new vulnerability has been discovered in Microsoft Windows which could lead to another Blue Screen of Death (BSOD) error, just a month after a similar problem caused by a faulty device. Mass coup Update. The vulnerability, cataloged as CVE-2024-6768, was discovered by cybersecurity software firm Fortra and affects all versions of Windows 10, Windows 11, and Windows Server 2022.
The flaw is linked to the Common Log File System (CLFS.sys) Windows driver, where incorrect validation of input data amounts triggers the KeBugCheckEx function, resulting in the infamous bug BSOD ErrorThe vulnerability allows an unauthenticated, low-privileged malicious user to exploit this weakness, leading to system instability and denial of service (DoS). The Blue Screen of Death error can be generated by a specific call to the KeBugCheckEx function, which can cause repeated crashes, interrupt operations, and lead to data loss.
Ricardo Narvaja, one of Fortra’s lead exploit authors and the author of the report, highlighted the severity of the issue, noting that it could be exploited to cause major disruptions. Despite Fortra reporting the vulnerability to Microsoft in December 2023, the tech giant has struggled to reproduce the issue. Microsoft last responded in February 2024, stating that they were unable to replicate the issue and were closing the case.
This discovery comes shortly after a similar blue screen error caused by the faulty CrowdStrike update, which had serious consequences globally. The new vulnerability further highlights the ongoing challenges in ensuring system stability and security for Windows users. As of now, there is no indication that Microsoft will release a patch or fix, leaving systems potentially vulnerable to exploitation. Users and organizations are advised to remain vigilant and consider alternative security measures until a fix is available.
Disclaimer:
The information contained in this post is for general information purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the post for any purpose.
We respect the intellectual property rights of content creators. If you are the owner of any material featured on our website and have concerns about its use, please contact us. We are committed to addressing any copyright issues promptly and will remove any material within 2 days of receiving a request from the rightful owner.