Exploitation of Numerous Zero-Days in Windows CLFS Driver by Ransomware Attackers


Over the past 18 months, malicious actors have taken advantage of a series of vulnerabilities, including four zero-days, in a critical Windows kernel-mode driver. Reports from Kaspersky's Securelist this week not only describe the specific flaws but point to a broader, systemic problem in the current design of the Windows Common Log File System (CLFS).
CLFS is a high-performance logging facility available to both user-mode and kernel-mode clients. Because it runs in the kernel, it is an attractive target for attackers seeking to escalate to low-level system privileges. Its performance-centric design, however, has led to multiple security vulnerabilities in recent years, and ransomware actors have exploited these weaknesses.
Boris Larin, principal security researcher at Kaspersky's Global Research and Analysis Team, stresses the need for caution when kernel drivers handle files. He explains that design choices in Windows CLFS have made it nearly impossible to parse CLFS files securely, leading to a surge of similar vulnerabilities.
Larin highlights a notable observation: while zero-days in Win32k are not uncommon, the number of CLFS driver exploits seen in active attacks within a single year raises concerns. He questions whether there is an inherent flaw in the CLFS driver, suggesting that it might be excessively

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
