Security researchers uncover a new blue screen of death vulnerability.
Less than a month has passed since an issue with a CrowdStrike update left millions of Windows machines struggling to break free from a blue screen of death loop, but now a new blue screen threat has been revealed. An August 12 report from cybersecurity software company Fortra has detailed how a newly uncovered Windows vulnerability can lead to yet another blue screen of death. What’s more, the researchers said, all versions of Windows 10 and Windows 11 are affected, even if all current security updates have been installed.
The security vulnerability, officially cataloged as CVE-2024-6768, concerns the common log file system Windows driver. When faced with an improper validation of specified quantities within input data, CVE-2024-6768 will trigger a function known as KeBugCheckEx and result in the dreaded blue screen of death. Something that Windows users are only too familiar with following the recent CrowdStrike issues that produced the same blue screen end result. Despite the ultimate payload of an exploit being pretty serious and requiring no user interaction, because the attack vector is local rather than remote, the vulnerability is graded as being of medium risk.
The CVE-2024-6768 blue screen of death can impact all versions of Windows 10 and Windows 11, as well as Windows Server 2022, regardless of whether they have been updated with all security patches to date. The researchers have shown that a user with no privileges can induce a system crash by using a specially crafted file.
“The potential problems include system instability and denial of service,” Ricardo Narvaja, principal exploit writer with security company Fortra, and the author of the report, mentioned. He explained that “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
The blue screen of death proof of concept exploit on a Windows 11 device
Tyler Reguly, Fortra’s associate director of security research and development, conveyed that Microsoft was initially notified about the issue in December 2023. However, by February 2024, interactions with the company dwindled as Microsoft mentioned it could not reproduce the vulnerability. This is despite Fortra researchers successfully replicating the results in a proof of concept on “dozens of systems both virtual and physical.” Without any feasible workaround or mitigation discovered by the researchers, Reguly expressed that “We do not expect to see a fix from them.” The publication of the vulnerability report today is partly in hopes that it will prompt Microsoft to realize the ease of exploitation and consider “exploring a fix moving forward.”
I have contacted Microsoft for an official statement.
Tyler Reguly expressed doubts about the recent vulnerability being exploited extensively because the scenario and consequences are relatively minor; recovery from a blue screen of death is usually straightforward. Nonetheless, it’s significant that a low-level user can now restart a system unexpectedly, even when multiple users are logged on. Reguly suggested, “Most likely, this vulnerability could be used by an insider wanting to disrupt a multi-user server just for chaos, or by an attacker lacking high-level privileges who intends to restart the server without leaving a trace of a user-initiated action.”
Ordinary Windows users shouldn’t be overly concerned about this issue. However, organizations should be attentive, especially since there seems to be a delay in Microsoft’s response to fix this flaw. Reguly opined, “The ideal outcome would be for Microsoft to notice the release and decide to issue an update to fix the vulnerability.”
There have been a string of problems with blue screen of death incidents affecting Microsoft lately. Notably, a CrowdStrike update adversely impacted Microsoft users without being directly Microsoft’s fault, alongside another blue screen occurrence triggered by a security update in July 2024. This lead to notices warning that Windows devices might boot into BitLocker recovery if encryption is enabled.
One Community. Many Voices. Create a free account to share your thoughts.
Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.
In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.
Your post will be rejected if we notice that it seems to contain:
User accounts will be blocked if we notice or believe that users are engaged in:
So, how can you be a power user?
Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
