Privacy News PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/microsoft/poc-code-published-for-triggering-an-instant-bsod-on-all-recent-windows-versions/
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.
The code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender.

NTFS bug and Windows autoplay feature don't go well together

The expert's PoC contains a malformed NTFS image that users can take and place it on a USB thumb drive. Inserting this USB thumb drive in a Windows computer crashes the system within seconds, resulting in a Blue Screen of Death (BSOD).
...
... ...
Click to expand...
Microsoft declined to fix

Tivadar contacted Microsoft about the issue in July 2017, but published the PoC code today after the OS maker declined to classify the issue as a security bug.
Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user).
....
....
Click to expand...
"I strongly believe that this behavior should be changed, [and] no USB stick/volume should be mounted when the system is locked," the researcher said. "Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine."

Tivadar published two videos on his personal Google Photos account showing the NTFS bug crashing a PC in normal and locked down states. Another PoC is also available on his Google Drive account.

For now, Tivadar's PoC will become one of the hottest pieces of code on GitHub, as any prankster will be looking to add it to his arsenal.
Click to expand...
 
  • Like
Reactions: Deletedmessiah, BoraMurdar, vtqhtr413 and 5 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
For now, Tivadar's PoC will become one of the hottest pieces of code on GitHub.
Click to expand...

GitHub :
anybody succeed?
Click to expand...
Ejmc4yT1_o.gif
 
Last edited:
  • Like
Reactions: LASER_oneXM, Deletedmessiah, BoraMurdar and 4 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Fake zero-day PoC exploits on GitHub push Windows, Linux malware
Replies
1
Views
1,522
News Archive
upnorth
upnorth
silversurfer
    • Like
    • +Reputation
Proof-of-Concept released for critical Microsoft Word RCE bug
Replies
0
Views
687
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
Replies
0
Views
555
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top