Free unofficial patches are available for a new Windows zero-day flaw dubbed EventLogCrasher that lets attackers remotely crash the Event Log service on devices within the same Windows domain.
While Microsoft didn’t provide more details regarding the 2022 vulnerability, software company Varonis disclosed a similar flaw dubbed LogCrusher that can be exploited by any domain user to remotely crash the Event Log service on Windows machines across the domain.
They can always crash the Event Log service locally and on all Windows computers in the same Windows domain, including domain controllers, which will let them ensure that their malicious activity will no longer be recorded in the Windows Event Log.
Once the Event Log service crashes, Security Information and Event Management and Intrusion Detection Systems will be directly impacted as they can no longer ingest new events to trigger security alerts.
“So far we’ve discovered that a low-privileged attacker can crash the Event Log service both on the local machine and on any other Windows computer in the network they can authenticate to. In a Windows domain, this means all domain computers including domain controllers,” said 0patch co-founder Mitja Kolsek.
To install the necessary patches on your Windows system, create a 0patch account and install the 0patch agent on the device.
