Code Published for Triggering a BSOD on Windows Computers -- Even If They're Locked

"A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state," writes BleepingComputer. An anonymous reader quotes their report: The code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender. The expert's proof-of-concept code contains a malformed NTFS image that users can take and place on a USB thumb drive. Inserting this USB thumb drive in a Windows computer crashes the system within seconds, resulting in a Blue Screen of Death (BSOD). "Auto-play is activated by default," Tivadar wrote in a PDF document detailing the bug and its impact...

Tivadar contacted Microsoft about the issue in July 2017, but published the PoC code today after the OS maker declined to classify the issue as a security bug. Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user).

Re:Autoplay

[war4peace]

Actually, no, Autoplay doesn't have to be enabled, what the researcher meant is that the OS auto-mounts the image anyway, guaranteeing the crash.

USB

[amiga3D]

USB is problematic anyway. Where I worked if you inserted a flash drive into a computer it would lock you out and send an alert to security. Good way to get fired.

Re: Autoplay

[toadlife]

Windows XP also doesn't know or understand what an NTFS filesystem is anyway

NTFS is XP's default filesystem.