Varonis discovers two Windows vulnerabilities.
Oct 25, 2022

"LogCrusher" and "OverLog" issues have been found in Windows.

Researchers at Varonis discovered two Windows vulnerabilities they’re calling “LogCrusher” and “OverLog,” located in the operating system’s Internet Explorer-specific Event Log. The vulnerabilities can be used to carry out denial-of-service attacks:

  • “LogCrusher, which allowed any domain user to remotely crash the Event Log application of any Windows machine on the domain.
  • “OverLog, which causes a remote denial-of-service (DoS) attack by filling the hard drive space of any Windows machine on the domain. (CVE-2022-37981)”

Varonis says Microsoft has patched the OverLog vulnerability and offered recommendations for mitigating LogCrusher:

“Microsoft has opted not to fully fix the LogCrusher vulnerability on Windows 10 (more recent operating systems are unaffected). As of Microsoft's Oct. 11, 2022 Patch Tuesday update, the default permissions setting that had allowed non-administrative users access to the Internet Explorer Event Log on remote machines has been restricted to local administrators, greatly reducing the potential for harm.

“While this addresses this particular set of Internet Explorer Event Log exploits, there remains potential for other user-accessible application Event Logs to be similarly leveraged for attacks. We recommend that all potentially vulnerable systems apply the Microsoft-provided patch and monitor any suspicious activity.”
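
The advice above notes that other user-accessible Event Logs may remain exposed. The following PowerShell audit is an added example, not code from Varonis, Microsoft or the CyberWire: it lists each event-log channel whose access control list grants read, write or clear rights to principals other than SYSTEM and the built-in Administrators group. The function name `Get-NonAdminLogAccess`, the `$AdminSids` list and the sample descriptor are assumptions made for illustration.

```powershell
# Added example. Function and variable names are hypothetical.
# Event-log access-mask bits: read, write, clear; plus GENERIC_ALL.
$Rights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4; GenericAll = 0x10000000 }

# SIDs treated as administrative (assumption: add Domain Admins etc. as needed).
$AdminSids = @(
    'S-1-5-18',     # LocalSystem
    'S-1-5-32-544'  # BUILTIN\Administrators
)

function Get-NonAdminLogAccess {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][string]$Sddl
    )
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow-ACEs grant access; skip deny and audit entries.
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        $sid = $ace.SecurityIdentifier
        if ($AdminSids -contains $sid.Value) { continue }
        $granted = @($Rights.Keys | Where-Object { $ace.AccessMask -band $Rights[$_] })
        if ($granted.Count -eq 0) { continue }
        # Resolve the SID to a name where possible; keep the raw SID otherwise.
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }
        [pscustomobject]@{
            LogName   = $LogName
            Principal = $name
            Rights    = $granted -join ','
        }
    }
}

# Constructed sample descriptor: SYSTEM and Administrators get full log access,
# Authenticated Users (AU) get read and write.
$sample = 'O:BAG:SYD:(A;;0x7;;;SY)(A;;0x7;;;BA)(A;;0x3;;;AU)'
Get-NonAdminLogAccess -LogName 'ConstructedSample' -Sddl $sample

# Live audit of the local machine (run elevated so every channel is readable).
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.SecurityDescriptor } |
    ForEach-Object { Get-NonAdminLogAccess -LogName $_.LogName -Sddl $_.SecurityDescriptor }
```

Service and operator SIDs appear legitimately on many channels, so treat each row as an entry to review against your own baseline.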