Just a few weeks have passed since a botched update from security firm CrowdStrike caused 8.5 million PCs to become stuck on the Blue Screen of Death error screen, and a fresh BSOD threat has been revealed.
According to researchers, the latest glitch is "very simple" to trigger and causes all versions of the desktop operating system to immediately crash. Since both Windows 10 and Windows 11 are impacted by the issue, that's a total of 95% of all Windows-powered PCs that can be crashed with this software glitch.
The worrying vulnerability was first uncovered by the team at cybersecurity software firm Fortra, which shared its findings with Microsoft on December 20, 2023.
The infamous Blue Screen of Death, or BSOD, is an error message that appears whenever any version of the Microsoft-developed operating system reboots or shuts down unexpectedly
MICROSOFT PRESS OFFICE
Categorised as CVE-2024-6768, the glitch concerns the Common Log File System (CLFS) driver and will instantly trigger the infamous Blue Screen of Death, sometimes referred to as Black Screen Error or STOP Code Error, that occurs when a serious software problem causes Windows to shut down or restart unexpectedly.
Despite the widespread chaos that could be caused by this bug, CVE-2024-6768 only earned a "medium" score of 6.8/10 on the CVSS scale, the Common Vulnerability Scoring System (CVSS) — a method used to measure the severity of ongoing software glitches and bugs by Microsoft, IBM, and others.
The good news is that CVE-2024-6768 doesn't have any consequences around the confidentiality of data, since it doesn't enable unauthorized system control. So there's no chance of hackers leveraging this glitch to start stealing files from your hard drive, siphoning credit card details, or worse.
According to the team at Fortra, it can be used to cause endless crashes to disrupt business operations or potentially trigger data loss. Anyone can kickstart an attack with this bug using a specially crafted file, since there's no need for specific system privileges, researchers caution.
Associate Director of Security Research and Development, Tyler Reguly explained: "It's very simple to run: run a binary, call a function, and that function causes the system to crash. I probably shouldn't admit to this, but in dragging and dropping it from system to system today, I accidentally double-clicked it, and I crashed my server."
"It's a good way for an attacker to maybe cover their tracks, or take down a service where they otherwise shouldn't be able to, and I think that's where the real risk comes in," he added in a conversation with Dark Reading, one widely read cybersecurity blogs. "These systems reboot unexpectedly, [you] ignore the crash because it came back up and it's fine now, but that might have been somebody hiding their activity — hiding the fact that they wanted it to reboot so that a new setting would take effect."
Despite warning Microsoft about the glitch at the end of last year, there's still no sign of a permanent fix. After months of back and forth between the researchers at Fortra and the teams in Redmond, Microsoft closed its internal investigation after it was unable to reproduce the BSOD crash.
As such, even those running the very latest version of Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, or Windows Server 2022 will find themselves vulnerable to this attack.
LATEST DEVELOPMENTS
And it might be an error that remains forever in the desktop operating system. When asked about a permanent solution from Microsoft, Mr Reguly admits: “We do not expect to see a fix from them.”
Updating your PC to the latest version of the software is one of the best methods to shield yourself against malware and security vulnerabilities since these are regularly fixed by the engineers at Microsoft.
It's one of the reasons that it's so important for those still relying on Windows 10 every day to upgrade to a new PC, switch to a free alternative from Google, or pay an additional subscription charge to keep their data safe from Microsoftor someone elsebefore next year.
For those who don't know, Microsoft will end all security updates for Windows 10 in mid-October 2025 unless you're subscribed to its Extended Security Update (ESU) plan.
