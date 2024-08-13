

It wasn't too long ago that millions of Windows PCs were taken down by the CrowdStrike outage. A faulty sensor update disrupted plenty of vital businesses, so much so that Delta Air Lines sought financial compensation.

And now a new report by Fortra describes a newly spotted vulnerability, tracked as CVE-2024-6768. The cybersecurity firm says the flaw can trigger a blue screen of death (BSOD) on Windows 10, Windows 11, and Windows Server 2022 even with all updates installed, CrowdStrike outage style.

According to the report, dated August 12, 2024, the flaw is an improper input validation bug in the Common Log File System driver (CLFS.sys). A bad actor triggers it by crafting specific values in a BLF (base log) file, which lets an unprivileged local user crash the system, and keep crashing it, on demand. The result is denial of service and potential loss of unsaved data, but the attack is local only: the attacker must already be able to run code as a user on the machine, so it cannot be launched remotely over the network.
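What a defender can do in the meantime is watch for the symptom rather than the cause. The PowerShell script below is an added example, not code from the article or from Fortra's advisory: it counts bug-check reboots recorded in the System log over the last 24 hours and warns when a machine has crashed more often than a threshold you pick. Event ID 1001 from the Microsoft-Windows-WER-SystemErrorReporting provider is the "The computer has rebooted from a bugcheck" record Windows writes after a BSOD; the threshold value and the time window are assumptions to tune for your fleet.

```powershell
# Added example (not from the article or from Fortra): flag a machine that is
# blue-screening repeatedly, the footprint a local crash-loop attack would leave.
$Since     = (Get-Date).AddHours(-24)
$Threshold = 3   # assumption: how many bug checks per day is "too many" for your fleet

# Event 1001 from WER-SystemErrorReporting: "The computer has rebooted from a bugcheck.
# The bugcheck was: 0x........ (0x..., 0x..., 0x..., 0x...)."
# Get-WinEvent throws when nothing matches, hence SilentlyContinue.
$BugChecks = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
    StartTime    = $Since
} -ErrorAction SilentlyContinue)

# Pull the stop code out of each message so repeated identical codes stand out.
$Summary = foreach ($e in $BugChecks) {
    $Code = if ($e.Message -match 'bugcheck was: (0x[0-9a-fA-F]{8})') { $Matches[1] } else { 'unknown' }
    [pscustomobject]@{ Time = $e.TimeCreated; StopCode = $Code }
}
$Summary | Sort-Object Time | Format-Table -AutoSize

if ($BugChecks.Count -ge $Threshold) {
    Write-Warning ("{0} bug-check reboots since {1}; check who was logged on and what " +
                   "was running before each crash, and collect C:\Windows\Minidump\*.dmp.") `
                   -f $BugChecks.Count, $Since
}
```

Run it elevated so the System log is fully readable, and pair it with the Kernel-Power event 41 ("The system has rebooted without cleanly shutting down first") if you also want to catch crashes that never got as far as writing a bug-check record. Repeated crashes with the same stop code on a box that only standard users touch is exactly the pattern worth escalating while a fix is outstanding.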

Fortra first reported CVE-2024-6768 to Microsoft on December 20, 2023, together with a proof of concept, but Microsoft could not reproduce it. Despite Fortra's follow-ups with additional evidence, Microsoft closed the case in February 2024.

Fortra continued to supply evidence and eventually decided to publish the vulnerability on August 12, 2024, after reproducing the issue on builds carrying the latest updates.

The blue screen of death (BSOD) is the error screen Windows shows when the kernel hits a problem it cannot recover from (a bug check); the machine halts and then restarts.

A BSOD is usually caused by hardware failures, buggy drivers, or software conflicts. Halting is deliberate: once kernel memory may be corrupted, continuing to run risks writing bad data to disk, so the system stops everything instead. That is also why a bug that lets any local user trigger a bug check at will counts as a denial-of-service issue rather than a cosmetic one.