Less than a month has passed since an issue with a CrowdStrike update left millions of Windows machines struggling to break free from a blue screen of death loop, but now a new blue screen threat has been revealed. An August 12 report from cybersecurity software company Fortra has detailed how a newly uncovered Windows vulnerability can lead to yet another blue screen of death.
The security vulnerability, officially cataloged as CVE-2024-6768, concerns the Windows Common Log File System (CLFS) driver. Improper validation of specified quantities within input data causes the driver to call the KeBugCheckEx function, which results in the dreaded blue screen of death.
All versions of Windows 10 and Windows 11 are affected by this vulnerability, regardless of whether they have been updated with all security patches to date. The researchers have shown that a user with no privileges can induce a system crash by using a specially crafted file.
The potential problems include system instability and denial of service. Malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.
Microsoft was first made aware of the issue in December 2023, but the company stopped responding in February 2024, stating that it could not reproduce the vulnerability. Although Fortra researchers reproduced the crash with a proof of concept across dozens of systems, both virtual and physical, they could not identify any workaround or mitigation.
The vulnerability does not meet the bar for immediate servicing under Microsoft’s severity classification guidelines, but the company will consider it for a future product update. The technique described requires an attacker to have already gained code execution on the target machine, and it does not grant elevated permissions.
Organizations should take note of this issue, as it may be exploited in cases where a malicious insider wishes to take down a multi-user server simply to cause havoc, or an attacker who wants to reboot a system but doesn’t have a high privilege account or doesn’t want a log of a user-initiated reboot.
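Because the crash leaves no user-initiated reboot record, one thing a defender can do today is watch for hosts whose reboots are mostly bugchecks rather than requested restarts. The script below is an added example, not code from Fortra or the article; it reads only standard System-log event IDs, and the lookback window and threshold are assumptions to tune per fleet.

```powershell
# Added example: report unexplained (crash) reboots versus user-initiated restarts
# on the local host. Thresholds and lookback window are assumptions, not from the article.
param(
    [int]$LookbackDays   = 7,   # assumption: inspect one week of the System log
    [int]$CrashThreshold = 3    # assumption: three or more bugchecks in the window is suspicious
)

$since = (Get-Date).AddDays(-$LookbackDays)

# Standard Windows System-log events used here:
#   1001  BugCheck      - "The computer has rebooted from a bugcheck"
#   41    Kernel-Power  - system rebooted without cleanly shutting down
#   6008  EventLog      - the previous shutdown was unexpected
#   1074  User32        - a user or process requested a shutdown or restart
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 41, 1001, 6008, 1074
    StartTime = $since
} -ErrorAction SilentlyContinue

$userInitiated = @($events | Where-Object Id -eq 1074)
$bugchecks     = @($events | Where-Object Id -eq 1001)
$unexpected    = @($events | Where-Object { $_.Id -in 41, 6008 })

# Extract the stop code from each 1001 message, e.g. "The bugcheck was: 0x000000c2 (...)".
# The same code recurring many times is the DoS pattern described in the article; attributing
# it to a specific driver such as the CLFS driver still requires analysing the saved dump.
$codes = $bugchecks | ForEach-Object {
    if ($_.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] }
} | Group-Object | Sort-Object Count -Descending

$report = [pscustomobject]@{
    Host                = $env:COMPUTERNAME
    Since               = $since
    UserInitiatedReboot = $userInitiated.Count
    BugcheckReboots     = $bugchecks.Count
    UnexpectedShutdowns = $unexpected.Count
    TopBugcheckCodes    = ($codes | ForEach-Object { "$($_.Name) x$($_.Count)" }) -join ', '
    Suspicious          = ($bugchecks.Count -ge $CrashThreshold)
}

$report | Format-List
```

Run it from an elevated PowerShell session on each server, or fold the same filter into a SIEM query, so that a host with repeated bugchecks and no matching 1074 events stands out.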
Source: https://www.forbes.com/sites/daveywinder/2024/08/12/new-microsoft-windows-10-11-server-blue-screen-of-death-warning/