Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog


Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS).

The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs.

While the former allows “any domain user to remotely crash the Event Log application of any Windows machine,” OverLog causes a DoS by “filling the hard drive space of any Windows machine on the domain,” Dolev Taler said in a report shared with The Hacker News.

OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its October Patch Tuesday updates. LogCrusher, however, remains unresolved.


“The performance can be interrupted and/or reduced, but the attacker cannot fully deny service,” the tech giant said in an advisory for the flaw released earlier this month.


The issues, according to Varonis, bank on the fact that an attacker can obtain a handle to the legacy Internet Explorer log, effectively setting the stage for attacks that leverage the handle to crash the Event Log on the victim machine and even induce a DoS condition.

This is achieved by combining it with another flaw in a log backup function (BackupEventLogW) to repeatedly back up arbitrary logs to a writable folder on the targeted host until the hard drive gets filled.

Microsoft has since remediated the OverLog flaw by restricting access to the Internet Explorer Event Log to local administrators, thereby reducing the potential for misuse.

“While this addresses this particular set of Internet Explorer Event Log exploits, there remains potential for other user-accessible application Event Logs to be similarly leveraged for attacks,” Taler said.
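
An added example, not from Varonis, Microsoft or the original article: a small audit of event log security descriptors that lists logs whose DACL grants access to anyone other than administrators, the condition the fix removed for the Internet Explorer log. The SDDL strings are constructed samples; real ones are assumed to come from the `channelAccess` field printed by `wevtutil gl <log name>`, and the admin-only trustee set is this example's assumption.

```python
import re

# Event log access bits carried in the ACE rights mask.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Assumption for this example: only these trustees are expected to hold access.
ADMIN_TRUSTEES = {"BA", "SY", "S-1-5-32-544", "S-1-5-18"}  # Administrators, SYSTEM

def dacl_aces(sddl):
    """Yield (ace_type, rights, trustee) for each ACE in the DACL of an SDDL string."""
    m = re.search(r"D:[^(]*((?:\([^)]*\))*)", sddl)
    if not m:
        return
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]

def event_log_rights(rights):
    """Decode a hex rights mask; SDDL letter rights are reported unparsed."""
    if not rights.lower().startswith("0x"):
        return [f"unparsed:{rights}"]
    mask = int(rights, 16)
    return [name for bit, name in RIGHTS.items() if mask & bit]

def audit(channels):
    """Return {log: [(trustee, rights)]} for allow ACEs held by non-admin trustees."""
    findings = {}
    for name, sddl in channels.items():
        for ace_type, rights, trustee in dacl_aces(sddl):
            granted = event_log_rights(rights)
            if ace_type == "A" and trustee not in ADMIN_TRUSTEES and granted:
                findings.setdefault(name, []).append((trustee, granted))
    return findings

# Constructed sample descriptors (log names are hypothetical).
SAMPLE = {
    "ConstructedRestrictedLog": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0xf0007;;;SY)",
    "ConstructedBroadLog": "O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;AU)(A;;0x1;;;S-1-5-32-573)",
}

if __name__ == "__main__":
    for log, aces in audit(SAMPLE).items():
        print(log, aces)
```

Logs reported here are candidates for review, not confirmed exposures; some non-admin grants (for example to the Event Log Readers group, `S-1-5-32-573`) are intentional.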
