This code triggers BSOD errors on all recent Windows versions

Costea Lestoc By: Costea Lestoc
2 minute read
trigger BSOD windows 10

There’s a vulnerability in Microsoft’s handling of NTFS filesystem images that was discovered by Marius Tivadar, a security researcher at Bitdefender. To exploit the vulnerability, the Romanian hardware expert just published proof-of-code on GitHub that will result in crashing most computers running Windows even when they are in a locked state.

Windows machines crash in a few seconds because of the autoplay feature

Tivadar’s proof-of-concept includes a malformed NTFS image that you can place on a USB thumb drive. If you insert the USB drive in a Windows computer, it will crash in a few seconds displaying the BSOD. “Auto-play is activated by default,” Tivadar detailed in a PDF document.

Even with auto-play [is] disabled, [the] system will crash when the file is accessed. This can be done for [example,] when Windows Defender scans the USB stick, or any other tool opening it.

Locked PCs running Windows also crash

The worst thing about the bug is the fact that it can crash even locked PCs. In other words, PCs crash even when they should not read data from USB drives.

I strongly believe that this behavior should be changed, [and] no USB stick/volume should be mounted when the system is locked,” Tivadar said. “Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine.

Microsoft couldn’t care less

Tivadar contacted the tech giant last year, but he decided to publish the code today because the company declined to categorize the issue as a security bug. Microsoft even downgraded the severity of the bug saying that the exploit required physical access or social engineering that would trick the user.

Hey Marius, Your report requires either physical access or social engineering, and as such, does not meet the bar for servicing down-level (issuing a security patch). […] Your attempt to responsibly disclose a potential security issue is appreciated and we hope you continue to do so.

Tivadar said that you don’t even need physical access because the bug can be deployed via malware.

RELATED STORIES TO CHECK:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

Discussions

Next up

Surface Pro 3 gets new security updates, install goes smoothly

Giles Ensor avatar. By: Giles Ensor
2 minute read

After recent bad news stories about updates released by Microsoft for Windows 10, that you can read here and here, it is refreshing to read (or […]

Continue Reading

Best Windows 10 antivirus software to use in 2018

Radu Tyrsina By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

Sovan Mandal avatar. By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading