Researchers warn that attackers could exploit a new vulnerability in Windows to create an unfixable inconsistency and cause affected systems to crash repeatedly.
Ricardo Narvaja, lead exploit author at cybersecurity and automation software company Fortra, discovered a vulnerability in Windows’ Common Log File System driver (CLFS.sys).
CVE-2024-6768 was announced by Fortra on August 12th and is said to be caused by improper validation of certain quantities in the input data, which produces an unrecoverable inconsistency that triggers the KeBugCheckEx function and, with it, the infamous blue screen of death.
A proof of concept (PoC) developed by Narvaja demonstrated that an unprivileged user could crash the target system by placing certain values in a BLF file, the log file format of the Windows Common Log File System.
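The practical symptom of this bug is a host that keeps bugchecking after a low-privileged user drops a crafted BLF file. The following PowerShell script is an added example, not Fortra's PoC or code from the article: it reads the Windows System event log for bugcheck records (Event ID 1001, displayed source "BugCheck", provider Microsoft-Windows-WER-SystemErrorReporting) and flags a host that has crashed repeatedly within a window. The window, the threshold and the provider filter are assumptions, and the script does not attribute a crash to CLFS.sys on its own; the analyst still has to open the referenced dump.

```powershell
# Added example (not from the article or from Fortra's PoC): count kernel
# bugcheck events on the local host to spot the repeated-crash pattern a
# malformed BLF file would produce.
# Assumptions: Event ID 1001 from provider
# Microsoft-Windows-WER-SystemErrorReporting is written to the System log
# after each reboot from a bugcheck; $Days and $Threshold are arbitrary.
param(
    [int]$Days = 7,
    [int]$Threshold = 3
)

$since = (Get-Date).AddDays(-$Days)

# FilterHashtable runs the filter inside the event log service, which is much
# cheaper than pulling the whole System log and filtering in the pipeline.
$filter = @{
    LogName   = 'System'
    Id        = 1001
    StartTime = $since
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -eq 'Microsoft-Windows-WER-SystemErrorReporting' }

if (-not $events) {
    Write-Output "No bugcheck events in the last $Days day(s)."
    return
}

# The first line of each 1001 message carries the bugcheck code and its
# parameters; the message also names the dump file. Collect both so an analyst
# can confirm the faulting driver (for example whether CLFS.sys is on the
# stack) from the dump rather than guessing from the event alone.
$summary = $events | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Message = ($_.Message -split "`n")[0]
    }
}

$summary | Sort-Object Time | Format-Table -AutoSize

if ($events.Count -ge $Threshold) {
    $msg = "{0} bugchecks since {1}: repeated crashes on this host. " +
           "Review the dumps for CLFS.sys involvement and check which local " +
           "accounts were active before each crash."
    Write-Warning ($msg -f $events.Count, $since)
}
```

Run it from an elevated prompt on the host in question, or wrap the body in `Invoke-Command` to sweep a fleet; a machine that trips the threshold right after a new local logon is the pattern worth correlating with file creation in application log directories.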
Narvaja noted that in his two previous research projects on CLFS, he was able to achieve remote code execution (RCE) in both cases.
Although CVE-2024-6768 requires only low-level account privileges and has low attack complexity, it is rated a medium-severity vulnerability with a CVSS score of 6.8, possibly because a potential attacker would need local access to exploit it.
Fortra’s blog warned that the issue affects all versions of Windows, up to and including the latest versions of Windows 10 and 11 with all updates installed.
Narvaja has made the functional PoC with sources as well as the created .BLF file available on Fortra’s GitHub for anyone interested in learning more about the vulnerability.