Last month, a significant disruption swept through the global landscape of Windows enterprise and business PCs, in one of the largest computing outages in recent history. The incident stemmed from a flawed CrowdStrike Falcon IPC Template Type, which triggered the notorious Blue Screen of Death (BSOD), a failure mode that dates back to the early days of Windows NT (version 3.1).
New Vulnerability Discovered
Following the CrowdStrike incident, cybersecurity firm Fortra has disclosed a new BSOD-inducing security flaw in a Windows driver that affects fully updated systems. The vulnerability lies in the CLFS.SYS driver, which implements the Common Log File System. According to Fortra, the issue is improper validation of specified quantities in input data (CWE-1284), resulting in a denial of service in the form of a BSOD.
Fortra’s Ricardo Narvaja elaborated on the situation:
CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, despite having all updates applied.
The report highlights that a crafted .BLF file allows an unprivileged user to induce a system crash, potentially leading to instability and denial of service. A malicious user could exploit the flaw to cause repeated crashes that disrupt operations and may result in data loss.
On a positive note, the attack is local in nature, meaning that a threat actor would need physical access to the system to manipulate the CLFS Base Log File (BLF). For those interested in the technical details, information on the Proof of Concept (PoC) is available on Fortra’s website.
This newly identified flaw bears resemblance to CVE-2023-36424, a local privilege escalation vulnerability that Microsoft addressed in the November 2023 Patch Tuesday updates (KB5032189 for Windows 10 and KB5032190 for Windows 11).
The emergence of this security flaw report follows closely on the heels of another issue previously discussed, where fully updated Windows PCs could be tricked into a permanent downgrade.