Dive Brief:
- A vulnerability in the common log file system of Microsoft Windows can lead to the blue screen of death, impacting all versions of Windows 10 and Windows 11, researchers from Fortra said Monday.
- The vulnerability, listed as CVE-2024- 6768, is caused by improper validation of specified quantities of input data, according to a report by Fortra. The vulnerability can result in an unrecoverable inconsistency and trigger a function called KeBugCheckEx, leading to the blue screen.
- A malicious hacker can exploit the flaw to trigger repeated crashes, disrupting system operations and the potential loss of data, according to Fortra.
Dive Insight:
Fortra originally reported the vulnerability to Microsoft in December, with a proof of concept exploit, according to a timeline provided by Fortra. Microsoft told them on two different occasions their engineers could not reproduce the vulnerability, according to the timeline.
“Microsoft told us that they could not reproduce the issue and closed the case,” Tyler Reguly, associate director of security research at Fortra, said via email.
Microsoft, however said the research that was shared with them does not rise to the level of a security threat that requires an immediate response.
“We have reviewed this report and have found that it does not meet the bar for immediate servicing under our severity classification guidelines and we will consider it for a future product update,” a Microsoft spokesperson said via email. “The technique described requires an attacker to have already gained code execution capabilities on the target machine and it does not grant elevated permissions.”
Microsoft said customers should practice good computing habits, which include exercising caution when running programs they do not recognize.
The vulnerability disclosure comes less than a month after Microsoft was involved in one of the biggest global IT outages in history. A flawed software update in the CrowdStrike Falcon platform led to an outage July 19 involving about 8.5 million Windows devices.
Critical providers, ranging from airlines to hospitals and financial institutions across the globe were impacted when they temporarily faced similar blue screens on their Windows computers.
There is no indication the vulnerability identified by Fortra played a role in the outage related to the CrowdStrike update.
In late July, Microsoft also dealt with a separate DDoS attack that impacted Azure and 365 services.
Editor’s note: This story has been updated to include additional details from Fortra and a statement from Microsoft.
Source link