CyberSecurity SEE

CLFS Bug Causes Crashes in Updated Windows 10 and 11 Systems

A critical bug in the Common Log File System (CLFS) driver has been causing widespread blue screen of death (BSoD) errors on various recent versions of Windows operating systems. The CLFS driver is responsible for managing system logs, and the bug has been identified as a potential target for cyber attacks.

Last year, a researcher from Fortra discovered a flaw in the CLFS driver that allowed for the manipulation of input data, leading to system crashes. This vulnerability, labeled CVE-2024-6768, specifically involves base log files (BLFs) that contain essential metadata for log management. The issue arises from a lack of validation in the driver, which can be exploited by attackers to craft malicious files that confuse the system and ultimately trigger a BSoD.

Tyler Reguly, associate director of security R&D at Fortra, emphasized the simplicity of exploiting this vulnerability, stating that a basic function call can easily crash the system. Despite the severity of the issue, Microsoft has not yet released a patch to address it, leaving Windows systems vulnerable to potential crashes and disruptions to business operations.

CVE-2024-6768 carries a “medium” CVSS rating, indicating that while it does not compromise data integrity or confidentiality, it can still lead to significant system instability. Reguly noted that when combined with other exploits, this vulnerability could be leveraged by attackers to cover their tracks or disrupt services undetected.

Despite efforts from Fortra to report the issue to Microsoft, the tech giant has yet to acknowledge it as a critical vulnerability or issue a fix. As a result, organizations are left without a solution to mitigate the risks posed by CVE-2024-6768, other than avoiding running any potentially malicious binaries and relying on Windows Defender to flag any related malware.

As the situation unfolds, Dark Reading has reached out to Microsoft for further clarification and insight on how it plans to address the CLFS driver bug and the associated BSoD crashes. Until an official patch is released by Microsoft, users are advised to exercise caution when running unfamiliar programs and remain vigilant for any signs of system instability or suspicious activity.
