CVE-2024-6768 BSOD: Everything to Know about the Blue Screen

Fortra report disclosed a new security vulnerability in Windows drivers CVE-2024-6768 that could cause a blue screen of death to PCs running Windows 11/10 and Server 2022. Want to know the details of this CVE-2024-6768 Blue Screen of Death vulnerability? Please read this article by MiniTool.

Last month, millions of Windows PCs worldwide suffered one of the major global computer downtimes caused by the CrowdStrike Falcon flaw. Less than a month after the CrowdStrike Blue Screen of Death incident occurred, cybersecurity company Fortra disclosed another new Blue Screen of Death problem in a report: CVE-2024-6768 Blue Screen of Death vulnerability.

About CVE-2024-6768 Blue Screen of Death Vulnerability

Specifically, there is a new vulnerability in the Windows CLFS.sys (Public Log File System) driver that is responsible for logging applications and managing logs. This vulnerability was traced to CVE-2024-6768, resulting in a denial of service incorrect verification of the specified number in the input in the CLFS.sys driver (CWE-1284).

This error can lead to irrecoverable inconsistencies, triggering the KeBugCheckEx function, and ultimately leading to the infamous blue screen of death, a long-standing nightmare for Windows users.

The scope of impact of vulnerabilities

CVE-2024-6768 Blue Screen of Death vulnerability is indiscriminate and currently affects all versions of Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022, regardless of whether they have all the latest security patches installed.

Researcher Ricardo Narvaja has demonstrated the vulnerability through PoC (Proof of Concept) that uses specific values ​​in .BLF files (file format in Windows CLFS). No user interaction is required, unprivileged users can make specific inputs to induce system crashes.

According to a report, potential problems arise, such as system instability and denial of service. Malicious users can repeatedly exploit the CVE-2024-6768 vulnerability, causing the affected system to crash continuously, interrupt operations and lead to potential data loss.

In terms of the severity of CVE-2024-6768 Blue Screen of Death, it is in the medium level, with a rating of 6.8 on CVSS (General Vulnerability Scoring System). The attack vector is local, meaning that malicious attackers need physical access to the machine to exploit the vulnerability, which to some extent limits the scope of potential attacks.

There is currently no fix for CVE-2024-6768 Blue Screen of Death, but there are some suggestions

According to a timeline released by Fortra, the company reported a proof-of-concept vulnerability to Microsoft on December 20, 2023, which Microsoft responded that their engineers were unable to reproduce. Finally, Fortra released the CVE-2024-6768 vulnerability on August 12, 2024.

Currently, due to the nature of the vulnerability, Microsoft has no mitigation or solution to fix the CVE-2024-6768 Blue Screen of Death issue. IT administrators should exercise caution and try to take some additional security measures when possible.

1. Limit physical access to critical systems
2. Monitor any abnormal activity that attempts to exploit this vulnerability
3. Keep Windows systems up to date to reduce the risk of being exploited

Backup files to avoid data loss

If you are a regular user, the only thing you can do is to keep your data safe, because as mentioned above, duplicate system crashes can lead to potential data loss. For data backup, we recommend MiniTool ShadowMaker, a professional and best backup software for Windows 11/10/8.1/8/7 and Server 2016/2019/2022.

This backup utility plays an important role in file backup, folder backup, disk backup, and partition backup. Additionally, MiniTool ShadowMaker allows data backups to be periodically backed up by setting a time point of one day, one week, or one month. In addition, incremental and differential backups are supported, saving time and disk space.

Get it on your PC and follow the steps below to start the backup.

Step 1: Start the MiniTool ShadowMaker trial version on your Windows PC or server.

Step 2: Go to Backup > Source , select the content you want to back up, and click OK .

Step 3: Under Backup , click on the target to select a path (such as an external drive) to save the backup image.

Step 4: For Automatic Backup, click Options > Schedule Settings and configure a plan. Then, click Backup Now to start a full backup, and a scheduled backup will be created at the set time.

Please note that the URL of the image needs to be replaced with the actual accessible URL. I retained the original image order and format.

The above is the detailed content of CVE-2024-6768 BSOD: Everything to Know about the Blue Screen. For more information, please follow other related articles on the PHP Chinese website!