Security researchers uncover a new blue screen of death vulnerability.
Less than a month has passed since an issue with a CrowdStrike update left millions of Windows machines struggling to break free from a blue screen of death loop, but now a new blue screen threat has been revealed. An August 12 report from cybersecurity software company Fortra has detailed how a newly uncovered Windows vulnerability can lead to yet another blue screen of death. What’s more, the researchers said, all versions of Windows 10 and Windows 11 are affected, even if all current security updates have been installed.
The security vulnerability, officially cataloged as CVE-2024-6768, concerns the Windows Common Log File System (CLFS) driver. Improper validation of specified quantities within input data causes the driver to call the KeBugCheckEx function, which halts the system with the dreaded blue screen of death, an end result Windows users are only too familiar with after the recent CrowdStrike incident. Although the ultimate payload of an exploit is a full system crash and requires no user interaction, the attack vector is local rather than remote, so the vulnerability is graded as medium severity.
The CVE-2024-6768 blue screen of death can affect all versions of Windows 10 and Windows 11, as well as Windows Server 2022, regardless of whether all security patches to date have been installed. The researchers have shown that a user with no privileges can induce a system crash using a specially crafted file.
“The potential problems include system instability and denial of service,” said Ricardo Narvaja, principal exploit writer with security company Fortra, and the author of the report. “Malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”
Tyler Reguly, Fortra’s associate director of security research and development, mentioned that Microsoft was initially notified about the issue in December 2023. However, communications ceased in February 2024 when Microsoft allegedly stated they could not reproduce the vulnerability, despite Fortra researchers validating the issue across multiple systems, both virtual and physical. With no clear remedies or workarounds available, Reguly expressed little hope for a resolution from Microsoft. The publication of this vulnerability serves to urge Microsoft to recognize the exploit’s potential risks and to consider addressing it in future updates.
A spokesperson from Microsoft said, “We have reviewed this report and have found that it does not meet the bar for immediate servicing under our severity classification guidelines and we will consider it for a future product update. The technique described requires an attacker to have already gained code execution capabilities on the target machine and it does not grant elevated permissions. We encourage customers to practice good computing habits online, including exercising caution when running programs that are not recognized by the user.”
Reguly said that exploiting this vulnerability in real-world scenarios seems unlikely, given both the limited use cases and the limited impact, notably because a blue screen of death can be recovered from. Nevertheless, he highlighted that it allows a low-privileged user to reboot the system unexpectedly, even when multiple users are logged on. “This might be used by a malicious insider who aims to disrupt a multi-user server just to cause trouble,” Reguly noted, “or by someone wanting to reboot a machine without needing high-level permissions or leaving a trace of a user-initiated reboot.”
The typical Windows user might not need to worry excessively about this issue. However, organizations should be cautious and might find Microsoft’s apparent delay in patching this vulnerability troubling. “The ideal scenario,” Reguly mentioned, “would be for Microsoft to acknowledge this release and update the system to fix the vulnerability.”
Microsoft has recently faced repeated blue screen of death problems. Besides the unrelated crash loop caused by the CrowdStrike update, a July 2024 security update prompted warnings for Windows users after it caused some devices with encryption enabled to boot into BitLocker recovery.