Cybersecurity researchers have disclosed a new Windows vulnerability that lets an attacker crash a device outright, taking it offline and putting any unsaved data at risk.
In a recently published security advisory, researchers at Fortra reported an improper input validation flaw in the Windows Common Log File System driver (CLFS.sys). By placing specific values in a crafted CLFS base log file (a .BLF file), an attacker can force the system to crash with a Blue Screen of Death (BSOD).
Both Windows 10 and Windows 11 (all versions) are said to be affected, and the flaw is described as easy to trigger: it needs only low privileges on the target machine and no interaction from the victim.
Proof of concept
The vulnerability is tracked as CVE-2024-6768 and carries a CVSS score of 6.8 (medium). A medium score might suggest limited disruptive potential, but Fortra's researchers note that the flaw can leave systems unstable and enables denial-of-service (DoS) attacks: an attacker who can run code on the machine can crash it again and again.
There is currently no evidence that the vulnerability is being exploited in the wild. However, because Fortra published a proof of concept (PoC) alongside its advisory, it is likely only a matter of time before cybercriminals add it to their arsenal. The attack vector is local, so an attacker must already be able to run code on the target system. That requirement is a real barrier, but a low one: an ordinary unprivileged user account, including one already hijacked by malware, is enough. The outcome is a crash rather than code execution or elevated privileges, so the damage is to availability and to whatever work was unsaved when the system went down.
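Because the practical impact is a machine that keeps blue-screening, one signal defenders can watch for is a host that reboots from a bugcheck several times in a short window. The script below is an added example written for this article, not code from Fortra's advisory or from Microsoft. It assumes the Windows System event log has been exported as CSV with the columns host, timestamp, event_id, source and message (a constructed format; the sample rows are made up), and it keys on Event ID 1001 from source BugCheck, the record Windows writes after rebooting from a blue screen. The bugcheck codes in the sample are placeholders, not the code produced by this vulnerability.

```python
"""Flag hosts that reboot from a bugcheck repeatedly inside a short time window.

Added example, not from the advisory or the article. Input is a constructed
CSV export of the Windows System log (columns: host,timestamp,event_id,source,
message). Event ID 1001 / source BugCheck is the post-reboot blue-screen record.
"""
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: ws01 crashes three times in half an hour,
# ws02 crashes once, and one unrelated event is present as noise.
# The bugcheck codes and parameters are placeholders for illustration only.
SAMPLE_EXPORT = """host,timestamp,event_id,source,message
ws01,2024-08-13T09:02:11,1001,BugCheck,"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80212345678, 0xffff9a0012345000, 0x0000000000000000)."
ws01,2024-08-13T09:17:40,1001,BugCheck,"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80212345678, 0xffff9a0012345000, 0x0000000000000000)."
ws01,2024-08-13T09:31:05,1001,BugCheck,"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80212345678, 0xffff9a0012345000, 0x0000000000000000)."
ws02,2024-08-12T22:45:00,1001,BugCheck,"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xffff8f0011112222, 0xfffff80233334444, 0xffff8f0055556666)."
ws01,2024-08-13T09:33:00,6005,EventLog,"The Event log service was started."
"""

# The 1001 message always carries "The bugcheck was: 0x<8 hex digits> (...)".
BUGCHECK_RE = re.compile(r"bugcheck was:\s*(0x[0-9a-fA-F]{8})")


def parse_bugchecks(export_text):
    """Return (host, timestamp, bugcheck_code) for every Event ID 1001 BugCheck row."""
    events = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["event_id"] != "1001" or row["source"] != "BugCheck":
            continue
        match = BUGCHECK_RE.search(row["message"])
        if not match:
            continue  # malformed or truncated message; skip rather than guess
        events.append((row["host"], datetime.fromisoformat(row["timestamp"]),
                       match.group(1).lower()))
    return events


def find_repeat_crashers(events, threshold=3, window=timedelta(hours=1)):
    """Return {host: summary} for hosts with >= threshold bugchecks in any window.

    A sliding window over each host's sorted crash times; the summary keeps the
    densest window seen (highest count) along with the distinct bugcheck codes.
    """
    by_host = defaultdict(list)
    for host, ts, code in events:
        by_host[host].append((ts, code))

    flagged = {}
    for host, items in by_host.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > flagged.get(host, {}).get("count", 0):
                flagged[host] = {
                    "count": count,
                    "codes": sorted({c for _, c in items[start:end + 1]}),
                    "first": items[start][0],
                    "last": items[end][0],
                }
    return flagged


if __name__ == "__main__":
    crashes = parse_bugchecks(SAMPLE_EXPORT)
    for host, info in find_repeat_crashers(crashes).items():
        print(f"{host}: {info['count']} bugchecks between {info['first']} and "
              f"{info['last']} (codes {', '.join(info['codes'])})")
```

A repeat-crash alert like this says only that a host is being knocked over; it cannot by itself attribute the crashes to CVE-2024-6768. To narrow that down, correlate the bugcheck times with file-creation telemetry (for example Sysmon Event ID 11) showing a .BLF file written by a low-privileged user shortly before each crash.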
Fortra's advisory also indicates that Microsoft has not yet fixed the issue. According to Fortra, Microsoft tried twice to reproduce the problem and, after the second unsuccessful attempt in late February 2024, closed the case. If so, even fully patched current builds of Windows 10 and Windows 11 remain vulnerable.