Novel CLFS vulnerability mitigation touted by Microsoft

Share This Post



Increasingly prevalent cyberattacks exploiting Windows Common Log File System vulnerabilities have prompted Microsoft to conduct testing for a mitigation enabling the identification of unauthorized CLFS logfile alterations, which would be integrated into the Windows Insiders Canary channel, according to SecurityWeek.

Appending logfiles with Hash-based Message Authentication Codes, which are generated through the hashing of input data and a secret cryptographic key, would help CLFS determine logfiles subjected to modifications not made by the CLFS driver, noted Microsoft, which added that valid HMACs could only be produced with a cryptographic key only accessible by the system and admins. “Rather than continuing to address single issues as they are discovered, [we] worked to add a new verification step to parsing CLFS logfiles, which aims to address a class of vulnerabilities all at once. This work will help protect our customers across the Windows ecosystem before they are impacted by potential security issues,” said Microsoft software engineer Brandon Jackson, who noted the mitigation’s usage of a Merkle tree to ensure efficiency in processing large files.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Blogs

Mickey Mouse operation hacked by former employee

A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers. Michael Scheuer, a former system administrator with the

Do You Want To Boost Your Business?

drop us a line and keep in touch