Serious Vulnerability Found in Windows System Driver

TapTechNews August 13th news, the network security company Fortra found a serious vulnerability (CVE-2024-6768) in a key driver in the Windows system, which can lead to a blue screen of death of the system. It is worth noting that this problem affects all versions of Windows 10 and Windows 11 systems, and even if the system has installed the latest patch, it cannot be avoided.

The vulnerability exists in the Common Log File System (CLFS.SYS) driver of Windows. Due to improper validation of input data, it will cause an unrecoverable error in the system, and finally trigger a blue screen of death. Nicardo Narvaja, a researcher at Fortra, said that attackers can induce system crashes through elaborately constructed.BLF files, causing system instability and even denial of service.

Although this is a local attack, requiring the attacker to have physical contact with the target system, its potential harm cannot be ignored. Attackers can use this vulnerability to repeatedly crash the system, resulting in system interruption and data loss.

TapTechNews noted that this is not the first time that a serious vulnerability related to CLFS has occurred in the Windows system. Last year, Microsoft had repaired a similar vulnerability (CVE-2023-36424), which could lead to local privilege escalation.