Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

October 25, 2022

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which can be exploited to result in a denial-of-service (DoS).

The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs.

While the former allows "any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "filling the hard drive space of any Windows machine on the domain," Dolev Taler said in a report shared with The Hacker News.

OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its October Patch Tuesday updates. LogCrusher, however, remains unresolved.


"The performance can be interrupted and/or reduced, but the attacker cannot fully deny service," the tech giant said in an advisory for the flaw released earlier this month.


The issues, according to Varonis, hinge on the fact that an attacker can obtain a handle to the legacy Internet Explorer log, effectively setting the stage for attacks that leverage the handle to crash the Event Log on the victim machine and even induce a DoS condition.

This is achieved by combining it with another flaw in a log backup function (BackupEventLogW) to repeatedly back up arbitrary logs to a writable folder on the targeted host until the hard drive gets filled.

Microsoft has since remediated the OverLog flaw by restricting access to the Internet Explorer Event Log to local administrators, thereby reducing the potential for misuse.

"While this addresses this particular set of Internet Explorer Event Log exploits, there remains potential for other user-accessible application Event Logs to be similarly leveraged for attacks," Taler said.
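Because the fix was an access restriction and other user-accessible logs may remain, a defender can audit event log security descriptors for access granted beyond administrators. The following is an added example, not code from Varonis, Microsoft or the original article: the log names and SDDL strings are constructed, and the `PRIVILEGED` set and function names are assumptions of this example.

```python
import re

# Event log access-mask bits from Windows' "Event Logging Security" documentation.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# SDDL aliases treated as privileged here (assumption; adjust per environment).
PRIVILEGED = {"BA", "SY", "DA"}  # Builtin Administrators, Local System, Domain Admins
# One ACE: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);([^;()]*);([^;()]*);([^;()]*)\)")

def broad_aces(sddl):
    """Return [(trustee, [rights])] for allow ACEs held by non-privileged trustees."""
    # Only the DACL matters; a trailing SACL ("S:...") is deliberately not matched.
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    findings = []
    for ace in ACE_RE.finditer(dacl.group(1) if dacl else ""):
        ace_type, _, rights, _, _, trustee = ace.groups()
        if ace_type != "A" or trustee in PRIVILEGED:
            continue  # deny ACEs and privileged trustees are not reported
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            names = [name for bit, name in RIGHTS.items() if mask & bit]
        else:
            names = ["symbolic:" + rights]  # e.g. GA; left for manual review
        if names:
            findings.append((trustee, names))
    return findings

def audit(channels):
    """Map log name -> findings, keeping only logs with broad access."""
    return {name: f for name, sddl in channels.items() if (f := broad_aces(sddl))}

# Constructed sample descriptors; on a real host the SDDL string can be read
# from the channelAccess field printed by `wevtutil gl <log name>`.
SAMPLE = {
    "ExampleLogA": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SY)(A;;0x3;;;AU)",
    "ExampleLogB": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SY)",
}

if __name__ == "__main__":
    for log, findings in audit(SAMPLE).items():
        for trustee, rights in findings:
            print(f"{log}: {trustee} may {', '.join(rights)}")
```

Here `AU` is the SDDL alias for Authenticated Users, so `ExampleLogA` is reported as readable and writable by any authenticated account while `ExampleLogB` passes.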
