Last month, large numbers of business and professional PCs running Windows 11 and Windows 10 around the world faced one of the largest global computer outages of all time.
This was the result of a faulty CrowdStrike Falcon IPC model, and this month the cybersecurity firm released its final report on the incident. The fault led to the infamous Blue Screens of Death (BSOD), which have their roots in the early days of the very first Windows NT (for context, the blue screen itself goes back to Windows 3.1).
Windows 11 and Windows 10: Unfortunately, a new flaw has arrived
While the BSOD outage caused by CrowdStrike was a consequence of a failed security update, a new BSOD-causing security flaw has been discovered in a Windows driver by cybersecurity firm Fortra, and fully updated Windows systems are affected by this vulnerability.
While installing Windows 11 and Windows 10 updates is usually a “necessary step,” in some cases it is better to hear what the manufacturer (Microsoft, in this case) has to say before proceeding. This is one of those cases.
While the CrowdStrike disaster has technically been resolved, it continues to cause damage indirectly on Windows and, in some cases, Linux systems such as Red Hat. On Linux and macOS, the equivalent of the Windows 11 and Windows 10 blue screen is called a “kernel panic,” but that is another story.
Experts Speak Out on Windows 11 and Windows 10 System Files
The company says that the Windows CLFS.SYS driver, responsible for managing the Common Log File System (CLFS), is at the root of the issue, which is triggered by improper validation of quantities specified in input (CWE-1284), resulting in a denial-of-service BSOD. The issue is tracked as “CVE-2024-6768.” Fortra’s Ricardo Narvaja writes:
CVE-2024-6768 is a vulnerability in the Windows Common Log File System (CLFS.sys) driver, caused by improper validation of quantities specified in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, even if all updates have been applied.
A proof of concept (PoC) demonstrates that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash. Potential issues include system instability and denial of service, as attackers can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.
On the bright side, this is a local attack, so a cybercriminal attempting to manipulate the CLFS base log file (BLF) would need physical access to the system. The technical details of the proof of concept (PoC) can be found on the Fortra website.
Other similar flaws
The flaw is similar to CVE-2023-36424, a local privilege escalation (LPE) vulnerability that Microsoft addressed last year with the November 2023 Patch Tuesday updates (KB5032189 for Windows 10 and KB5032190 for Windows 11).
This security vulnerability report comes hot on the heels of another issue we covered last week, where a fully updated Windows PC could be tricked into performing a permanent downgrade.
Should Windows 11 and Windows 10 users be worried?
If you use company computers with CrowdStrike products, then you should be careful and follow “computer etiquette” rules and various precautions.
Private users who do not normally use these programs have absolutely nothing to fear.