In a recent discovery, cybersecurity researchers have identified a critical zero-day vulnerability posing a significant threat to the Windows Event Log service. This flaw, when exploited, has the potential to crash the service on all supported versions of Windows, including some legacy systems, raising concerns among enterprise defenders.
Discovered by security researcher Florian and reported to Microsoft, the zero-day vulnerability is currently without a patch. The Windows Event Log service plays a pivotal role in monitoring and recording system events, providing essential information for system administrators and security professionals. The exploitation of this vulnerability could result in widespread disruption of critical logging functions, hindering the ability to track and analyze system activities.
In PoC testing, the team discovered that the Windows Event Log service restarts after two crashes, but if it experiences a third crash, it remains inactive for a period of 24 hours. This extended downtime poses a considerable risk, as many security controls rely on the consistent functioning of the Event Log service. The fallout includes compromised security controls and non-operational security control products. This vulnerability allows attackers to exploit known vulnerabilities or launch attacks without triggering alerts, granting them the ability to act undetected, as outlined in the blog.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: