Microsoft Windows users have fresh memories of seeing a blue screen of death on their PCs from the time when a CrowdStrike update left millions of users unable to work. Some are still recovering from the losses that they might have faced during that time. The storm is not over though. According to a report from cybersecurity company Fortra, there is a new vulnerability in Microsoft Windows that can lead to another blue screen of death episode. The worst part is that each and every single versions of Windows 10 and Windows 11 will be affected by this.
This vulnerability has officially been catalogued as CVE-2024-6768.
ALSO READ | Google Pixel 9 Series Rumour Roundup: Here's What We Know About The Upcoming Google Pixel Devices So Far
What Is CVE-2024-6768?
The security flaw, identified as CVE-2024-6768, involves a vulnerability in the Windows driver for the common log file system. When certain quantities in the input data are not properly validated, this vulnerability can activate a function called KeBugCheckEx, leading to the infamous blue screen of death — a scenario that many Windows users recognize, particularly after recent CrowdStrike issues caused similar crashes.
Although the exploit’s potential impact is significant and doesn't require user interaction, the risk is considered medium since the attack must be executed locally rather than remotely.
Who Will Be Affected By CVE-2024-6768?
The CVE-2024-6768 blue screen of death affects all versions of Windows 10, Windows 11, and Windows Server 2022, even if they are fully up-to-date with the latest security patches. Researchers have demonstrated that an unprivileged user can trigger a system crash by utilizing a specifically crafted file.
Ricardo Narvaja, principal exploit writer with security company Fortra told Forbes, “The potential problems include system instability and denial of service. Malicious users can exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.”