Fb-Button  - standard facebook ico - Expert shows how to trigger blue-screen-of-death on Windows by triggering NTFS flawSecurity Affairs

Bitdefender researcher Marius Tivadar has developed a dodgy NTFS file system image that could a blue-screen-of-death when a mount is attempted on 7 and 10 systems.

The Bitdefender Marius Tivadar has discovered a vulnerability tied the way Microsoft handles of filesystem images, he also published a proof-of-concept code on GitHub that could be used to cause Blue Screen of Death within seconds on most Windows computers.

“One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack, can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in locked state.” wrote Tivadar.

The PoC code includes a malformed NTFS image can be stored on a USB thumb drive. Once the user will insert the USB thumb drive in a Windows PC it will crash the system within a few seconds causing a Blue Screen of Death.

Tivadar highlighted that auto-play is activated by default and even disabling it the system will crash when the NTFS image is accessed.

The expert noticed that some tools like Windows Defender scans the USB stick the flaw.

NTFS hack  - windows zero day - Expert shows how to trigger blue-screen-of-death on Windows by triggering NTFS flawSecurity Affairs

Tivadar reported the NTFS issue to Microsoft in July 2017, but the tech giant did not recognize it as a security bug so the expert opted to disclose the flaw.

Microsoft pointed out that the exploitation of the issue requires either physical access, but Tivadar explained that an attacker could use a malware to exploit the PoC code.

Tivadar noticed that the NTFS bug also works while the PC is locked, this is an anomaly because there is no need to mount a USB stick/volume when the system is locked.

“Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine.” the researcher explained.

Tivadar published two PoC videos on his personal Google Photos account and on his Google Drive account.

Pierluigi Paganini

(Security Affairs – NTFS, hacking)






Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here