A New Microsoft Vulnerability Warning

Uploaded on 2024-08-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft’s critical outage which was caused by the CrowdStrike faulty update last month brought both  public and private  sector networks around the world to a standstill. 

One  month later, another vulnerability has been discovered in Windows that can result in another blue screen of death (BSoD) error.  The vulnerability has been uncovered by cybersecurity software company Fortra.

Forta describes the vulnerability stating “A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.”

The vulnerability is officially catalogued as CVE-2024-6768 concerns the common log file system Windows driver. Improper validation of specified quantities in input data triggers KeBugCheckEx function, leading to the infamous BSoD error. It impacts all versions of Windows 10 and Windows 11, as well as Windows Server 2022.

Ricardo Narvaja, principal exploit writer at Fortra  said “The potential problems include system instability and denial of service” which “malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.” 

Forta says that it first informed Microsoft about the vulnerability in December last year. However, the company last responded in February 2024 saying that ‘they still could not reproduce the issue and they were closing the case’.

Fortra    |    NIST   |   Times of India  |    Forbes   |     PacketStorm

Image: Ideogram

You Might Also Read: 

DDoS Attack Knocks Azure Offline:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five Critical Security Benefits Of CIAM
Quantum Computing Security Could Solve The Data Sovereignty Challenge »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Junglemap

Junglemap

Junglemap provide nanolearning training courses on ransomware, information security and GDPR.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

SYSGO

SYSGO

SYSGO is the leading European provider of real-time operating systems for critical embedded applications in the Internet of Things (IoT).

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Solid8 Technologies

Solid8 Technologies

Solid8 Technologies is a value added distributor and innovation incubator partnering with leading global Cyber Security software Vendors.