Researcher Demonstrates USB Stick That Can BSOD Any Windows 10 Device Even If Locked
Microsoft has a security issue that affects both Windows 7 and Windows 10 operating systems. The code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender. He reported the issue to Microsoft but was not heard. This video dates back towards Summer 2017. Now, he's stepping out with details and a demonstration to raise awareness of this vulnerability. Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user). The researcher doesn't agree with Microsoft's decision. The exploit is nasty because Tivadar's proof-of-concept shows he can force a BSOD, even with Windows locked. It literally takes 2 to 3 seconds to crash the OS and is still present, even with Windows 10 version 1803 - the April 2018 Update. Have a peek at the video.
Researchers Discover new Intel processor Vulnerability - the BranchScope Attack - 03/28/2018 01:58 PM
A new Vulnerability has been discovered on Intel processors by researchers. The security attack uses the speculative execution features of modern processors to leak sensitive information and underm...
Initial AMD Technical Assessment of CTS Labs Research - 03/21/2018 08:05 AM
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with...
Security researchers bypass lockscreen and install malware through Cortana - 03/07/2018 09:11 AM
Researchers shared the word that they will demonstrate how they are able to bypass the password-protected Windows 10 lock screen and then install malware from a website, through Microsoft’s ...
Microsoft Researches Holographic Near-Eye Displays - 05/22/2017 08:55 AM
Microsoft shows a thing or two how digital holography can be used to build novel near-eye displays for virtual and mixed (or augmented) reality. using the form factor of sunglasses by using a powerf...
Google Project Zero researchers find ‘crazy bad’ Windows RCE flaw - 05/09/2017 08:24 AM
Security experts at Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows OS, but this time the hackers defined it as the worst Windo...
Senior Member
Posts: 11809
Joined: 2012-07-20
Unless it can force code execution, it is just stupid joke. If I can plug USB to your system, I can hold power button on it too.
Senior Member
Posts: 508
Joined: 2010-01-20
i would like to see if it affects windows server, i see some applications in a server room. It could be used as a form of sabotage .
Senior Member
Posts: 1198
Joined: 2010-05-12
Is not a stupid joke is a stupid OS that crash on broken disks. And this is inadmissible nowadays.
Senior Member
Posts: 116
Joined: 2003-07-29
In this case, the crafted NTFS-crashing drive image can't occur under normal circumstances, but can specifically crafted to intentionally force a BSOD and dump memory. You don't even need a USB stick to pull this off, and an entire attack can take place within userland without once elevating with UAC.
Powering down a system is a hell of a lot more preferable to a BSOD where the dump can be easily taken for analysis. This isn't a broken disk issue, either, since a broken or corrupted NTFS partition can't take down the entire kernel but a valid (but malformed) one can.
Senior Member
Posts: 2889
Joined: 2013-03-10
Oh, I don't know anything about this bug. I'm sure this is a real Windows bug. I was merely saying that I haven't personally ever seen a Win10 BSOD on my own PCs, and that my other problems were likely related to my own hardware and their drives.