Zero-day exploit in Windows Event Log allows hackers to remain hidden

The exploit can’t be performed remotely and it can’t run any code


Published on February 1, 2024


A new vulnerability has been found in Windows Event Log that allows hackers to crash the Windows Event Log service on all supported versions of Windows.

So how does this exploit work, and how dangerous is it? Keep on reading to find out!

A new Event Log exploit has surfaced, and it covers hackers’ tracks

This exploit was first found by Twitter user Florian while he was working on a fuzzer.

A bug allows any user to crash the Windows Event Log service of any other Windows 10/Server 2022 machine on the same domain. According to MSRC, the bug does not meet the bar for servicing and therefore they allowed me to publish a proof of concept. https://t.co/Gmtn3NEbn5 pic.twitter.com/qu3v77VfLy

According to Florian, he tested this exploit in a network consisting of a Windows 10 machine and a Windows Server 2022 domain controller.

He states that he was able to crash the Event Log service on the domain controller from his Windows 10 machine. And this didn’t even require administrative privileges, meaning anybody can do it.

Acros Security tested this exploit, and it was confirmed that it’s present on Windows 11 as well. To make matters worse, it only takes a second for the attacker to perform this exploit.

After crashing the Windows Event Log service three times, it won’t restart anymore, and if the hacker manages to crash the system, Security and System events won’t be stored.

While this exploit doesn’t allow hackers to run any code or gain administrative privileges, it prevents the gathering of logs, which hides any malicious activity from administrators.
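Because the effect described above is that Security and System events simply stop being stored, one way to notice it is to alert on silence rather than on a specific event. The following is an added example, not code from the article or from Acros: it assumes a central collector that already receives events from each host, and the host names, timestamps and five-minute threshold are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: (host, channel, time the collector last received an event).
SAMPLE_EVENTS = [
    ("DC01", "Security", "2024-02-01T10:00:05"),
    ("DC01", "System",   "2024-02-01T10:00:40"),
    ("WS10", "Security", "2024-02-01T10:00:10"),
    ("WS10", "Security", "2024-02-01T10:14:30"),
    ("WS10", "System",   "2024-02-01T10:13:55"),
]

# The two channels the article says stop being stored.
WATCHED_CHANNELS = ("Security", "System")


def silent_channels(events, expected_hosts, now, max_gap=timedelta(minutes=5)):
    """Return (host, channel, gap) for every watched channel that has gone quiet.

    gap is None when the collector has never seen that channel for the host.
    """
    last_seen = {}
    for host, channel, ts in events:
        when = datetime.fromisoformat(ts)
        key = (host, channel)
        if key not in last_seen or when > last_seen[key]:
            last_seen[key] = when

    findings = []
    for host in sorted(expected_hosts):
        for channel in WATCHED_CHANNELS:
            seen = last_seen.get((host, channel))
            if seen is None:
                findings.append((host, channel, None))
            elif now - seen > max_gap:
                findings.append((host, channel, now - seen))
    return findings


if __name__ == "__main__":
    now = datetime.fromisoformat("2024-02-01T10:15:00")
    hosts = {"DC01", "WS10", "FS02"}  # hypothetical inventory of hosts that should report
    for host, channel, gap in silent_channels(SAMPLE_EVENTS, hosts, now):
        detail = "never seen" if gap is None else f"silent for {gap}"
        print(f"ALERT {host} {channel}: {detail}")
```

The threshold has to be tuned per host role: a domain controller normally produces Security events continuously, while an idle workstation may legitimately be quiet for longer.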

While this looks scary, there is some good news. This exploit doesn’t work remotely, and it can only be used in a local network.

Microsoft hasn’t addressed this issue. However, a micropatch from Acros is available, so concerned administrators can install it.

Microsoft is quick to address security problems, and they did the same with a recent Azure Pipelines security issue and CVE-2024-0519 vulnerability in Edge, so we expect an official patch to be released soon.


Milan Stanojevic

Windows Troubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.
