Microsoft Windows 11
cpe:2.3:o:microsoft:windows_11:*:*:*:*:*:*:*
- <= 21H2
A denial-of-service vulnerability has been identified in the CLFS.sys driver (Common Log File System) of Microsoft Windows. The driver mishandles special elements in a log file and reaches an unrecoverable internal inconsistency, which forces a kernel bug check. An unprivileged local user can trigger the crash by supplying a crafted log file. The cumulative update released in September 2025 for Windows 11 2024 LTSC and Windows Server 2025 addresses this vulnerability; Windows 11 23H2 and earlier releases remain vulnerable.
Successful exploitation crashes the system with a kernel bug check, shown as a blue screen of death (BSoD). No code execution or privilege escalation is described; the impact is availability only.
The vulnerability can be reproduced by opening a crafted .blf file (a CLFS base log file) and calling the Win32 ReadFile function on the resulting handle. Servicing that read drives CLFS.sys into an unrecoverable state, and the system crashes with a blue screen of death (BSoD). Because the trigger is a plain file read, no special privileges are required beyond the ability to place the crafted file on disk and open it.
Install the September 2025 cumulative update on Windows 11 2024 LTSC or Windows Server 2025. For Windows 11 23H2 and earlier releases no official patch is available; the only remediation described is moving those hosts to a release that receives the fix.
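The advisory gives a patched side (the September 2025 cumulative update on Windows 11 2024 LTSC and Windows Server 2025) and an unpatched side (Windows 11 23H2 and earlier), but not the CLFS.sys file version that carries the fix. The following PowerShell triage script is an added example, not part of the advisory and not Microsoft's tooling: it reports the Windows release, the installed clfs.sys version, the most recently installed update, and any bug-check reboots in the System log, and classifies the host only by the release names the advisory itself lists. The list of unpatched releases (21H2, 22H2, 23H2) and the 30-day event window are assumptions made here.

```powershell
# Added triage example; not part of the original advisory. The fixed CLFS.sys
# version is not stated by the advisory, so the script reports the installed
# version for comparison against the September 2025 update's release notes
# rather than judging it.

function Get-ClfsExposureReport {
    param([datetime]$Since = (Get-Date).AddDays(-30))   # assumed window for bug-check events

    # Win32_OperatingSystem.Caption is reliable on Windows 11; the registry
    # ProductName value still reads "Windows 10 ..." on Windows 11 hosts.
    $os   = Get-CimInstance Win32_OperatingSystem
    $cv   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $clfs = Get-Item (Join-Path $env:SystemRoot 'System32\drivers\clfs.sys')

    # Windows 11 releases the advisory describes as having no official patch
    # ("23H2 and earlier"); assumed to mean these DisplayVersion strings.
    $unpatchedReleases = @('21H2', '22H2', '23H2')

    $status = if ($os.Caption -notmatch 'Windows 11|Windows Server 2025') {
        'Not in scope of this advisory'
    } elseif ($cv.DisplayVersion -in $unpatchedReleases) {
        'Vulnerable: no official patch for this release'
    } else {
        'Verify the September 2025 cumulative update is installed'
    }

    # Event 1001 from WER-SystemErrorReporting is written after a reboot from a
    # bug check. It carries the bug check code, not the faulting driver, so it
    # only flags candidates for minidump analysis.
    $bugchecks = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
        StartTime    = $Since
    } -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Time = $_.TimeCreated; Message = ($_.Message -split "`n")[0] }
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OS              = $os.Caption
        DisplayVersion  = $cv.DisplayVersion          # e.g. 21H2, 23H2, 24H2
        Build           = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
        ClfsFileVersion = $clfs.VersionInfo.FileVersion
        ClfsLastWrite   = $clfs.LastWriteTimeUtc
        LatestUpdate    = (Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1).HotFixID
        Status          = $status
        BugChecksSince  = $Since
        BugCheckCount   = @($bugchecks).Count
        BugChecks       = $bugchecks
    }
}

Get-ClfsExposureReport | Format-List
```

Run it on each host (for example through Invoke-Command) and export the objects to CSV to build a fleet-wide exposure list. A host reported as "Vulnerable" with recent bug checks deserves a look at the corresponding minidump with WinDbg (`!analyze -v`), since the 1001 event alone does not say whether clfs.sys was the faulting module.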