MSI MEG Z790 ACE review
Deepcool LT720 LCS Cooler Review
Arctic A35/I35 A-RGB air coolers review
Minisforum HX90G (Ryzen 9 5900HX + RX 6600M) mini PC review
MSI MPG Z790 Edge (DDR4) review
MSI GeForce RTX 4080 Gaming X TRIO review
Deepcool CH510 chassis review
Asus Delta S Wireless Headset review
GeForce RTX 4080 Founder edition review
MSI GeForce RTX 4080 Suprim X review
Researcher Demonstrates USB Stick That Can BSOD Any Windows 10 Device Even If Locked
Microsoft has a security issue that affects both Windows 7 and Windows 10 operating systems. The code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender. He reported the issue to Microsoft but was not heard. This video dates back towards Summer 2017. Now, he's stepping out with details and a demonstration to raise awareness of this vulnerability. Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user). The researcher doesn't agree with Microsoft's decision. The exploit is nasty because Tivadar's proof-of-concept shows he can force a BSOD, even with Windows locked. It literally takes 2 to 3 seconds to crash the OS and is still present, even with Windows 10 version 1803 - the April 2018 Update. Have a peek at the video.
Researchers Discover new Intel processor Vulnerability - the BranchScope Attack - 03/28/2018 01:58 PM
A new Vulnerability has been discovered on Intel processors by researchers. The security attack uses the speculative execution features of modern processors to leak sensitive information and underm...
Initial AMD Technical Assessment of CTS Labs Research - 03/21/2018 08:05 AM
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with...
Security researchers bypass lockscreen and install malware through Cortana - 03/07/2018 09:11 AM
Researchers shared the word that they will demonstrate how they are able to bypass the password-protected Windows 10 lock screen and then install malware from a website, through Microsoft’s ...
Microsoft Researches Holographic Near-Eye Displays - 05/22/2017 08:55 AM
Microsoft shows a thing or two how digital holography can be used to build novel near-eye displays for virtual and mixed (or augmented) reality. using the form factor of sunglasses by using a powerf...
Google Project Zero researchers find ‘crazy bad’ Windows RCE flaw - 05/09/2017 08:24 AM
Security experts at Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows OS, but this time the hackers defined it as the worst Windo...
Fox2232
Senior Member
Posts: 11808
Joined: 2012-07-20
Senior Member
Posts: 11808
Joined: 2012-07-20
#5543474 Posted on: 05/03/2018 01:36 PM
Unless it can force code execution, it is just stupid joke. If I can plug USB to your system, I can hold power button on it too.
Unless it can force code execution, it is just stupid joke. If I can plug USB to your system, I can hold power button on it too.
reix2x
Senior Member
Posts: 608
Joined: 2010-01-20
Senior Member
Posts: 608
Joined: 2010-01-20
#5543506 Posted on: 05/03/2018 03:09 PM
i would like to see if it affects windows server, i see some applications in a server room. It could be used as a form of sabotage .
i would like to see if it affects windows server, i see some applications in a server room. It could be used as a form of sabotage .
asturur
Senior Member
Posts: 1277
Joined: 2010-05-12
Senior Member
Posts: 1277
Joined: 2010-05-12
#5543523 Posted on: 05/03/2018 03:50 PM
Is not a stupid joke is a stupid OS that crash on broken disks. And this is inadmissible nowadays.
Is not a stupid joke is a stupid OS that crash on broken disks. And this is inadmissible nowadays.
David3k
Senior Member
Posts: 122
Joined: 2003-07-29
Senior Member
Posts: 122
Joined: 2003-07-29
#5543577 Posted on: 05/03/2018 05:43 PM
In this case, the crafted NTFS-crashing drive image can't occur under normal circumstances, but can specifically crafted to intentionally force a BSOD and dump memory. You don't even need a USB stick to pull this off, and an entire attack can take place within userland without once elevating with UAC.
Powering down a system is a hell of a lot more preferable to a BSOD where the dump can be easily taken for analysis. This isn't a broken disk issue, either, since a broken or corrupted NTFS partition can't take down the entire kernel but a valid (but malformed) one can.
Unless it can force code execution, it is just stupid joke. If I can plug USB to your system, I can hold power button on it too.
Is not a stupid joke is a stupid OS that crash on broken disks. And this is inadmissible nowadays.
In this case, the crafted NTFS-crashing drive image can't occur under normal circumstances, but can specifically crafted to intentionally force a BSOD and dump memory. You don't even need a USB stick to pull this off, and an entire attack can take place within userland without once elevating with UAC.
Powering down a system is a hell of a lot more preferable to a BSOD where the dump can be easily taken for analysis. This isn't a broken disk issue, either, since a broken or corrupted NTFS partition can't take down the entire kernel but a valid (but malformed) one can.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 3197
Joined: 2013-03-10
Oh, I don't know anything about this bug. I'm sure this is a real Windows bug. I was merely saying that I haven't personally ever seen a Win10 BSOD on my own PCs, and that my other problems were likely related to my own hardware and their drives.