Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS).
The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs.
While the former allows “any domain user to remotely crash the Event Log application of any Windows machine,” OverLog causes a DoS by “filling the hard drive space of any Windows machine on the domain,” Dolev Taler said in a report shared with The Hacker News.
OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its October Patch Tuesday updates. LogCrusher, however, remains unresolved.
“The performance can be interrupted and/or reduced, but the attacker cannot fully deny service,” the tech giant said in an advisory for the flaw released earlier this month.
The issues, according to Varonis, bank on the fact that an attacker can obtain a handle to the legacy Internet Explorer log, effectively setting the stage for attacks that leverage the handle to crash the Event Log on the victim machine and even induce a DoS condition.
This is achieved by combining it with another flaw in a log backup function (BackupEventLogW) to repeatedly back up arbitrary logs to a writable folder on the targeted host until the hard drive gets filled.
Microsoft has since remediated the OverLog flaw by restricting access to the Internet Explorer Event Log to local administrators, thereby reducing the potential for misuse.
“While this addresses this particular set of Internet Explorer Event Log exploits, there remains potential for other user-accessible application Event Logs to be similarly leveraged for attacks,” Taler said.
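
The remediation described above (restricting a log to local administrators) can be checked for any event log by reading its access control list. The following is an added example, not code from Varonis or Microsoft: it parses the SDDL security descriptor of a log and lists allow ACEs that grant read (0x1), write (0x2) or clear (0x4) access to non-administrative principals. The log names and SDDL strings are constructed samples, and treating only `BA` and `SY` as administrative is an assumption; on a Windows host the real string is the `channelAccess` value printed by `wevtutil gl <log name>`.

```python
import re

# Event log access-mask bits as they appear in a channel's SDDL string.
RIGHTS = ((0x1, "read"), (0x2, "write"), (0x4, "clear"))

# Assumption: only Builtin Administrators and Local System count as administrative.
ADMIN = {"BA", "SY", "S-1-5-32-544", "S-1-5-18"}

DACL_RE = re.compile(r"D:[A-Z]*((?:\([^)]*\))+)")  # DACL section and its ACEs
ACE_RE = re.compile(r"\(([^)]*)\)")


def non_admin_access(sddl):
    """Return {trustee: [rights]} for allow ACEs held by non-admin trustees."""
    findings = {}
    dacl = DACL_RE.search(sddl)
    if not dacl:
        return findings
    for ace in ACE_RE.findall(dacl.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] in ADMIN:
            continue
        rights = fields[2]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            names = [name for bit, name in RIGHTS if mask & bit]
        else:
            # Symbolic rights (e.g. GR) are reported as-is for manual review.
            names = ["unparsed:" + rights]
        if names:
            findings[fields[5]] = names
    return findings


def audit(logs):
    """Return {log name: findings} for every log with non-admin access."""
    return {name: found for name, sddl in logs.items()
            if (found := non_admin_access(sddl))}


# Constructed sample descriptors, not copied from any real host.
SAMPLE_LOGS = {
    "ExampleLegacyLog": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0xf0007;;;SY)(A;;0x3;;;IU)(A;;0x1;;;AU)",
    "ExampleRestrictedLog": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0xf0007;;;SY)",
}

if __name__ == "__main__":
    for log, findings in audit(SAMPLE_LOGS).items():
        print(log, findings)
```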