New Windows vulnerability could repeatedly trigger the blue screen of death on millions of devices

A new Windows vulnerability could be exploited by attackers to generate an unrecoverable inconsistency and repeatedly crash affected systems, researchers have warned.

Ricardo Narvaja, principal exploit writer at cybersecurity and automation software company Fortra, uncovered a vulnerability in the common log file system (CLFS.sys) driver of Windows.

Disclosed by Fortra on 12 August, CVE-2024-6768 is said to have been caused by improper validation of specified quantities in input data, leading to an unrecoverable inconsistency, which triggers the KeBugCheckEx function, resulting in the infamous blue screen of death.

A proof of concept (PoC) developed by Narvaja revealed that by crafting specific values within a .BLF file, the format of log files used by the Windows common log file system t, an unprivileged user could cause the target system to crash.

Narvaja noted that in his previous two research projects on the CLFS, and was able to achieve remote code execution (RCE) in both instances.

Despite only requiring low level account privileges and being listed as having a low attack complexity, CVE-2024-6768 is a medium severity security flaw rated a 6.8 on the CVSS, possibly due to a potential attacker requiring a local access in order to exploit it.

Fortra’s blog warned the issue affects all versions of Windows, up to and including the latest versions of both Windows 10 and 11 with all updates applied.

Narvaja has made the functional PoC with sources as well as the crafted .BLF file available on Fortra’s GitHub for those looking to learn more about the vulnerability.