New Windows vulnerability discovered which causes BSOD

<p>A short time ago&comma; millions of Windows PCs experienced widespread disruptions due to a <a href&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;cast&sol;windows-machines-hit-by-bsod-due-to-faulty-crowdstrike-update&sol;" target&equals;"&lowbar;blank" rel&equals;"noopener">major outage linked to CrowdStrike<&sol;a>&period; This mishap&comma; caused by a faulty update&comma; severely impacted numerous businesses&comma; leading Delta Airlines to pursue financial compensation&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-5497" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2024&sol;07&sol;crowdstrike&lowbar;bsod&lowbar;wincert&period;png" alt&equals;"" width&equals;"1024" height&equals;"728" &sol;><&sol;p>&NewLine;<p>Recently&comma; Fortra has uncovered a new vulnerability&comma; identified as CVE-2024-6768&comma; which has the potential to cause significant issues across various Windows systems&period; Much like the earlier CrowdStrike incident&comma; this flaw could trigger the dreaded blue screen of death &lpar;BSOD&rpar; on Windows 10&comma; 11&comma; and Server 2022&comma; even on fully up-to-date systems&period;<&sol;p>&NewLine;<p>The blue screen of death &lpar;BSOD&rpar; is a critical error screen that appears when Windows encounters a severe issue it cannot resolve&comma; leading to a system crash and restart&period; BSODs are often triggered by hardware failures&comma; driver issues&comma; or software conflicts&comma; and they serve as a necessary measure to prevent further damage to the system&period;<&sol;p>&NewLine;<p>In its August 12&comma; 2024 report&comma; Fortra explains that the vulnerability stems from a flaw in input validation&period; By manipulating specific values in a BLF file&comma; malicious actors could exploit this weakness&comma; allowing non-admin users to crash the system repeatedly&period; While this could lead to denial of service and potential data loss&comma; the exploit requires physical access to the affected device&period;<&sol;p>&NewLine;<p>Fortra initially reported the CVE-2024-6768 vulnerability to Microsoft on December 20&comma; 2023&comma; providing proof of concept&period; However&comma; Microsoft could not replicate the issue and closed the case in February 2024&period; Despite Fortra’s continued efforts and additional evidence&comma; Microsoft did not take further action&period;<&sol;p>&NewLine;<p>After successfully reproducing the problem on systems with the latest updates&comma; Fortra decided to publicly disclose the vulnerability on August 12&comma; 2024&period;<&sol;p>&NewLine;