However, a bug in the ElfClearELFW function causes it to fail to validate input properly. To understand the LogCrusher attack flow, both of these functions need to be taken into account.
An attacker can disrupt or degrade the performance of the service, but cannot cause it to stop working completely.
By obtaining a handle to the legacy Internet Explorer log, an attacker gains the leverage needed to carry out the following:
- Crash the Event Log
- Initiate DoS condition
Combined with another flaw, this flaw makes it possible to cause the log backup function to fail. Using this technique, a threat actor can create a writable folder on the targeted host and repeatedly back up arbitrary logs to it until the drive is full.
Microsoft has made a patch available for potentially vulnerable systems. It should be applied as soon as possible, and any suspicious activity should be monitored carefully.
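A defender-side sketch of the monitoring advised above, added here as an example (not code from the original article or from Microsoft): it flags folders outside the default log directory that receive a burst of `.evtx` backup files, the pattern described for the disk-filling technique. The record format, field names, thresholds and sample events are constructed assumptions standing in for whatever file-creation telemetry is available.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Default directory for live Windows event logs; .evtx files written elsewhere are backups/exports.
DEFAULT_LOG_DIR = r"c:\windows\system32\winevt\logs"

def find_backup_bursts(events, window=timedelta(minutes=10), min_files=5, min_bytes=0):
    """Return {folder: (file_count, total_bytes)} for folders that received at least
    min_files .evtx files (and min_bytes of data) within any interval of length `window`."""
    by_folder = defaultdict(list)
    for ev in events:
        path = ev["path"].lower()  # Windows paths are case-insensitive
        folder = ntpath.dirname(path)
        if not path.endswith(".evtx") or folder == DEFAULT_LOG_DIR:
            continue
        by_folder[folder].append((datetime.fromisoformat(ev["time"]), ev["size"]))

    alerts = {}
    for folder, items in by_folder.items():
        items.sort()
        start, running = 0, 0
        for end, (ts, size) in enumerate(items):
            running += size
            # Shrink the window from the left until it spans at most `window`.
            while ts - items[start][0] > window:
                running -= items[start][1]
                start += 1
            count = end - start + 1
            if count >= min_files and running >= min_bytes:
                alerts[folder] = max(alerts.get(folder, (0, 0)), (count, running))
    return alerts

# Constructed sample telemetry (hypothetical hosts, paths and sizes).
SAMPLE_EVENTS = [
    {"time": f"2022-11-01T10:0{i}:00", "path": rf"C:\Users\Public\stage\bk{i}.evtx", "size": 20_000_000}
    for i in range(6)
] + [
    {"time": "2022-11-01T09:00:00", "path": r"D:\Archive\Security-2022-10.evtx", "size": 50_000_000},
    {"time": "2022-11-01T10:01:00", "path": r"C:\Windows\System32\winevt\Logs\Application.evtx", "size": 1_000_000},
    {"time": "2022-11-01T10:02:00", "path": r"C:\Users\Public\stage\notes.txt", "size": 10},
]

if __name__ == "__main__":
    for folder, (count, total) in find_backup_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {folder}: {count} .evtx backups, {total / 1e6:.0f} MB within window")
```

Pairing an alert from this check with free-space monitoring on the same volume shows how close the host is to the full-drive condition.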