Security researchers uncover a new blue screen of death vulnerability.
Less than a month has passed since an issue with a CrowdStrike update left millions of Windows machines struggling to break free from a blue screen of death loop, but now a new blue screen threat has been revealed. An August 12 report from cybersecurity software company Fortra has detailed how a newly uncovered Windows vulnerability can lead to yet another blue screen of death. What’s more, the researchers said, all versions of Windows 10 and Windows 11 are affected, even if all current security updates have been installed.
The security vulnerability, officially cataloged as CVE-2024-6768, concerns the common log file system Windows driver. When faced with an improper validation of specified quantities within input data, CVE-2024-6768 will trigger a function known as KeBugCheckEx and result in the dreaded blue screen of death. Something that Windows users are only too familiar with following the recent CrowdStrike issues that produced the same blue screen end result. Despite the ultimate payload of an exploit being pretty serious and requiring no user interaction, because the attack vector is local rather than remote, the vulnerability is graded as being of medium risk.
The CVE-2024-6768 blue screen of death can impact all versions of Windows 10 and Windows 11, as well as Windows Server 2022, regardless of whether they have been updated with all security patches to date. The researchers have shown that a user with no privileges can induce a system crash by using a specially crafted file.
“The potential problems include system instability and denial of service,” stated Ricardo Narvaja, principal exploit writer with security company Fortra, who authored the report. He added, “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
The blue screen of death proof of concept exploit on a Windows 11 device
Tyler Reguly, Fortra’s associate director of security research and development, informed me that Microsoft was notified about the issue in December 2023. However, the company “became unresponsive in February 2024,” according to Reguly. He reported that despite Microsoft’s claims of being unable to reproduce the vulnerability, Fortra researchers successfully demonstrated the exploit on “dozens of systems both virtual and physical.” There is no identified workaround or mitigation for the vulnerability, and Reguly expressed, “We do not expect to see a fix from them.” The publication of the vulnerability report today is partly in hopes that Microsoft acknowledges the exploit’s ease and considers “exploring a fix moving forward.”
I have reached out to Microsoft for a statement.
Tyler Reguly explained that it’s improbable the vulnerability will be exploited in the wild due to the limited use case and impact, citing the recoverability of the blue screen of death. Nevertheless, he noted that a low-privileged user could now reboot the system unexpectedly, affecting all users logged in at the time. “The likely scenarios for usage would be by a malicious insider aiming to disrupt a multi-user server, or by an attacker lacking high-level privileges wanting to reboot the system without logging the action,” Reguly mentioned.
The typical Windows user should not be overly concerned about this issue. However, organizations should be attentive and might find the lack of a prompt resolution from Microsoft worrying. “The ideal outcome,” Reguly hopes, “is for Microsoft to acknowledge this release and patch the vulnerability promptly.”
Microsoft has recently encountered several problems related to the blue screen of death. Aside from the mentioned issue caused by a CrowdStrike update, another incident following a July 2024 security update led to warnings that Windows devices might boot into BitLocker recovery, affecting users with encryption features enabled.
One Community. Many Voices. Create a free account to share your thoughts.
Our community strives to foster connections through open and thoughtful dialogue. We encourage our readers to share their opinions, exchange ideas, and discuss facts in a respectful environment.
To maintain this atmosphere, please adhere to the posting guidelines outlined in our site’s Terms of Service. Below, we provide a summary of some critical guidelines. In essence, please remain respectful and courteous at all times.
Your submission may be declined if it appears to contain content against our policies.
User accounts may be blocked if it is noticed or suspected that the activities breach our community standards.
So, how can you be a power user?
Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
