Highlights:

  • To illustrate the vulnerability, Ricardo Narvaja, Chief Exploit Writer at Fortra, created a proof of concept.
  • The vulnerability, according to Narvaja, is caused by an Improper Validation of Specified Quantity in Input (CWE-1284), which results in an unrecoverable inconsistency in the CLFS.sys driver and necessitates calling the KeBugCheckEx function.

The latest report from cybersecurity company Fortra LLC warns of a vulnerability found in Windows 10 and 11 versions. If triggered, it could lead to denial of service and system instability.

The vulnerability, designated CVE-2024-6768, arises from inadequate validation of a specified quantity in input data: the system does not correctly validate or restrict values supplied by the user. It is located in the Common Log File System (CLFS.sys) driver of Windows.

The flaw can put the driver into an unrecoverable inconsistent state, a severe error in the system’s functioning that cannot be repaired at runtime. Windows’ KeBugCheckEx function is then invoked, causing instability and, in all likelihood, the infamous Blue Screen of Death.

To illustrate the vulnerability, Ricardo Narvaja, Chief Exploit Writer at Fortra, created a proof of concept. The PoC demonstrated how an unprivileged user can cause a system crash by placing specific values inside a .BLF file. He pointed out that unscrupulous individuals could use this vulnerability to repeatedly crash vulnerable computers, disrupting operations and possibly resulting in data loss, system instability and denial of service.

Narvaja wrote, “In the last two research endeavors on Common Log File System (CLFS), I was able to achieve remote code execution in both cases. However, when I modified some values in the PoC I was working on, I observed that it triggered a BSoD on the target system.”

The vulnerability, according to Narvaja, is caused by an Improper Validation of Specified Quantity in Input (CWE-1284), which results in an unrecoverable inconsistency in the CLFS.sys driver and necessitates calling the KeBugCheckEx function. This enables a user without privileges to trigger a Windows BSoD.

Although the vulnerability has only received a CVSS score of 6.8 (Medium), hackers and other threat actors could still exploit it to disrupt operations.