Cybersecurity company Fortra LLC discovered the vulnerability in the Common Log File System (CLFS) driver of Windows. It is caused by improper validation of specified quantities in input data, meaning the driver fails to correctly check values supplied by the user.
The vulnerability could enable a malicious authenticated user to trigger the error through a forced call to the KeBugCheckEx function, leading to system instability and a denial of service (DoS).
New Vulnerability Could Cause BSOD
A researcher at Fortra, Ricardo Narvaja, demonstrated how the vulnerability could be exploited through a proof-of-concept (PoC). Narvaja was able to craft specific values within a .BLF file, the format used by the Windows Common Log File System.
Although the vulnerability has been assigned a severity rating of only 6.8 (medium) on the Common Vulnerabilities and Exposures benchmark, there is some chance that hackers could target it.
The flaw is tracked as CVE-2024-6768, and there are no known mitigations or patches available as of now. This comes weeks after an update from CrowdStrike led to widespread BSODs across industries around the globe.
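Because no patch or mitigation is available, the practical defensive step is to watch for the symptom the article describes: unexpected bugchecks on hosts where low-privileged users can write files. The PowerShell script below is an added example written for this article, not code from Fortra or Microsoft. It reads the System event log for the BugCheck event (ID 1001) that Windows writes after a crash reboot, extracts the stop code, and flags hosts with repeated crashes in the look-back window. The threshold of two crashes and the seven-day window are assumptions chosen for illustration; the CLFS driver's module name, clfs.sys, is the only page-adjacent detail used and is not tied to any specific stop code here.

```powershell
# Added example: summarise recent bugchecks from the System log.
# Assumes: Event ID 1001 (source BugCheck) is present after a crash reboot,
# which is the default Windows behaviour when crash reporting is enabled.
param(
    [int]$LookbackDays = 7,      # assumption: one-week review window
    [int]$AlertThreshold = 2     # assumption: two or more crashes is suspicious
)

$since = (Get-Date).AddDays(-$LookbackDays)

# Event 1001 from the System log; the message text contains the stop code.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'bugcheck' }

$crashes = foreach ($e in $events) {
    # Message looks like: "The bugcheck was: 0x0000001e (0x..., 0x..., 0x..., 0x...)."
    $code = if ($e.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $matches[1] } else { 'unknown' }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        StopCode = $code
        Dump     = if ($e.Message -match 'saved in:\s*(\S+)') { $matches[1] } else { '' }
    }
}

$crashes | Sort-Object Time | Format-Table -AutoSize

if (@($crashes).Count -ge $AlertThreshold) {
    Write-Warning ("{0} bugchecks in the last {1} days on {2}; review crash dumps for clfs.sys frames " -f
        @($crashes).Count, $LookbackDays, $env:COMPUTERNAME) +
        "and audit which authenticated users had write access to log files on this host."
}
```

Run it from an elevated prompt on the host in question, or wrap it in `Invoke-Command` to sweep a fleet. The dump path it prints is where a crash analysis tool such as WinDbg can confirm whether the faulting stack lies in the CLFS driver; the script itself only reports and never touches the log files.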
The recent IT outage wasn’t just bad for CrowdStrike, but also a wake-up call for Microsoft. To avoid such instances in the future, Microsoft could take some serious steps, as it is evaluating blocking third-party security software from accessing the Windows Kernel, according to a blog post by John Cable, VP of program management for Windows servicing and delivery.
Microsoft Could Bring Surprising Changes To Curb Outages
If this change were to be put in place, the restriction would imitate Apple’s 2020 move, which limited third-party software from accessing its core OS. The change was brought to macOS Big Sur, making sure that every system partition that contains the core OS is cryptographically verified, down to every last file.
The goal is to curb third-party entities that could melt down the whole system.
But this change isn’t easy to pull off. The company tried the same thing in 2006 with Windows Vista, restricting third-party access to the kernel. However, the plan failed due to resistance from EU regulators and complaints from cybersecurity vendors.
In the blog post, John Cable states, “Examples of innovation include the recently announced VBS enclaves, which provide an isolated compute environment that does not require kernel mode drivers to be tamper resistant, and the Microsoft Azure Attestation service, which can help determine boot path security posture.”