Cybersecurity researchers have discovered a new vulnerability in Windows that could allow attackers to completely block devices and cause serious data loss.
In a recently published security advisory, Fortra experts said they discovered an improper input data validation vulnerability in the Common Log File System (CLFS.sys) Windows driver. By creating a new value in a specific log file format (e.g., .BLF file), attackers could force the system to crash into a Blue Screen of Death (BSOD).
Both Windows 10 and Windows 11 operating systems (all versions) are susceptible and the vulnerability would be easy to execute even with low privileges. Furthermore, no interaction from the victim is required.
Proof of concept
The vulnerability is tracked as CVE-2024-6768 and has a severity score of 6.8 (medium). While that score may indicate low disruptive potential, Fortra researchers said the flaw can cause system instability and even facilitate denial of service (DoS) attacks. Threat actors could use it to repeatedly crash vulnerable systems.
There is currently no evidence of the vulnerability being exploited in the wild. However, with Fortra releasing a Proof-of-Concept (PoC) along with the security advisory, it is now only a matter of time before cybercriminals add it to their arsenal. Because the attack vector is local, criminals wishing to exploit it would need to execute it on the system itself. However, it can be executed with low privileges, making it accessible even to novice attackers.
Fortra’s advisory also suggests that Microsoft hasn’t yet addressed the issue. The company said Redmond tried to reproduce the problem twice, and because it failed (the last time it tried was in late February 2024), it closed the case. That would also mean that even the latest versions of Windows (both Windows 10 and Windows 11) were vulnerable.