Watch out Hackers can crash Windows 10 & 11 with CLFS Vulnerability

August 13, 2024
1 min read

TLDR:

A newly discovered vulnerability in the CLFS.sys driver of Windows allows low-privileged users to trigger a BSOD error, potentially causing system crashes and disruptions. The vulnerability, tracked as CVE-2024-6768, has a medium severity rating but poses a significant risk due to its potential for repeated exploitation.

A researcher at Fortra demonstrated the vulnerability through a PoC that exploits specific values within a .BLF file. Despite the local attack vector, there are currently no known mitigations or patches available for CVE-2024-6768.

Full Article:

A newly discovered vulnerability in the Common Log File System (CLFS.sys) driver of Windows has been identified, potentially affecting millions of devices running Windows 10, Windows 11, and various Windows Server versions. Tracked as CVE-2024-6768, this vulnerability allows a malicious authenticated low-privilege user to trigger a Blue Screen of Death (BSOD) through a forced call to the KeBugCheckEx function, leading to system instability and denial of service (DoS) attacks.

The flaw is attributed to improper validation of specified quantities in input data, categorized under CWE-1284. This vulnerability can cause an unrecoverable system state, making it possible for an attacker to repeatedly crash affected systems, potentially causing data loss and operational disruptions.

Ricardo Narvaja, a researcher at Fortra, demonstrated the vulnerability through a proof of concept (PoC) that exploits specific values within a .BLF file, a format used by the Windows common log file system. This PoC shows that an unprivileged user can induce a system crash without requiring user interaction, highlighting the vulnerability’s low attack complexity.

Despite the medium severity rating of 6.8 on the Common Vulnerability Scoring System (CVSS), the vulnerability poses a significant risk due to its potential for repeated exploitation. The attack vector is local, meaning it must be executed on the system itself, which somewhat limits the scope of potential attacks.

Currently, there are no known mitigations or patches available for CVE-2024-6768. The vulnerability, affecting the CLFS.sys driver in Windows 10, Windows 11, and several Windows Server versions allows a low-privilege user to cause a Blue Screen of Death (BSOD) through improper input validation.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and