Cybersecurity researchers have disclosed particulars a few pair of vulnerabilities in Microsoft Windows, one in every of which may very well be exploited to end in a denial-of-service (DoS).
The exploits, dubbed LogCrusher and OverLog by Varonis, take intention on the EventLog Remoting Protocol (MS-EVEN), which permits distant entry to occasion logs.
While the previous permits “any area consumer to remotely crash the Event Log software of any Windows machine,” OverLog causes a DoS by “filling the arduous drive house of any Windows machine on the area,” Dolev Taler mentioned in a report shared with The Hacker News.
OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS rating: 4.3) and was addressed by Microsoft as a part of its October Patch Tuesday updates. LogCrusher, nonetheless, stays unresolved.
“The efficiency could be interrupted and/or lowered, however the attacker can’t totally deny service,” the tech big mentioned in an advisory for the flaw launched earlier this month.
The points, in response to Varonis, financial institution on the truth that an attacker can receive a deal with to the legacy Internet Explorer log, successfully setting the stage for assaults that leverage the deal with to crash the Event Log on the sufferer machine and even induce a DoS situation.
This is achieved by combining it with one other flaw in a log backup perform (BackupEventLogW) to repeatedly backup arbitrary logs to a writable folder on the focused host till the arduous drive will get crammed.
Microsoft has since remediated the OverLog flaw by proscribing entry to the Internet Explorer Event Log to native directors, thereby lowering the potential for misuse.
“While this addresses this explicit set of Internet Explorer Event Log exploits, there stays potential for different user-accessible software Event Logs to be equally leveraged for assaults,” Taler mentioned.