Researchers Detail Windows Event Log Vulnerabilities LogCrusher and OverLog


Two Microsoft Windows flaws, one of which may be used to cause a denial-of-service, have been identified by cybersecurity researchers. The EventLog Remoting Protocol, which allows for remote access to event logs, is targeted by the attacks, nicknamed LogCrusher and OverLog by Varonis.

In contrast to OverLog, which Dolev Taler claimed in a report published with The Hacker News “fills the hard drive space of any Windows machine on the network,” the former “allows any domain user to remotely crash the Event Log application of any Windows machine.” Read More…