Researcher Demonstrates USB Stick That Can BSOD Any Windows 10 Device Even If Locked
A security issue in Microsoft Windows affects both Windows 7 and Windows 10. The exploit code targets a vulnerability in Microsoft's handling of NTFS filesystem images that was discovered by Marius Tivadar, a security researcher with Bitdefender. He reported the issue to Microsoft but was not heard. The video dates back to summer 2017. Now he is stepping out with details and a demonstration to raise awareness of this vulnerability. Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user). The researcher doesn't agree with Microsoft's decision. The exploit is nasty because Tivadar's proof-of-concept shows he can force a BSOD even with Windows locked. It takes just 2 to 3 seconds to crash the OS, and the vulnerability is still present even in Windows 10 version 1803, the April 2018 Update. Have a peek at the video.
Senior Member
Posts: 312
Joined: 2017-09-02
I tried to show Microsoft that a 12 gauge shotgun can destroy a laptop running Windows 10 and that my wife's MacBook was immune due to her "I'll kill you" stare. Microsoft didn't buy it. Now I have no laptop.
Senior Member
Posts: 117
Joined: 2003-07-29
I've seen a few GSODs from Windows 10--yep, the actual green skin variety--and every single time it happened it was a result of me pushing an overclock too far. Notched back on the offending clock the appropriate number of MHz, and all is well--no more green SODs. I've never seen one in recent memory, however, unless I caused it.
Also, hackers all over the world vy for some Microsoft money awarded to them for "finding flaws." Microsoft gladly pays them for the ones it considers important and legitimate. So I find it somewhat amusing that these hackers get elevated to the grandiose title of "security researchers" whenever a hack is successful. There are lots and lots of hacks that can be accomplished in a machine in which a person has administrator access--especially direct physical access. But when they don't get "recognized" by Microsoft (ie, there's no payday) many of them get "revenge" by publicizing their hacks to all comers. But the fact is that when you have administrator rights and direct physical access, you own the world where that machine is concerned, and at that point the entire OS becomes a "vulnerability." How do these hackers (and I don't say that disparagingly) expect Microsoft to engineer a defense against the gullibility of some people who respond favorably to phishing techniques? Not possible, imo.
EDIT: also, I think you meant "vie" not "vy"
In this case, this guy emailed Microsoft for a fix. I don't see him trying to cash in on this with the way he went about it. You shouldn't be defending Microsoft for something like this where they've had more than a decade to move the filesystem stack out of the kernel and into userspace memory but haven't done so and now have to face the consequences of that and their default memory dumping policy allowing for in-memory information being copied after a BSOD.
Again, I hope you people aren't underestimating this and are more mindful of things like disk images being mounted, not just USB drives.
I tried to show Microsoft that a 12 gauge shotgun can destroy a laptop running Windows 10 and that my wife's MacBook was immune due to her "I'll kill you" stare. Microsoft didn't buy it. Now I have no laptop.
It's really hard to steal data from a shattered laptop by running something.
Senior Member
Posts: 312
Joined: 2017-09-02
I don't stick stuff in my USB ports that does not belong in them. Nor do I allow someone else to do so. If you do allow that to happen, you might as well shoot your PC with a shotgun.
Senior Member
Posts: 1377
Joined: 2014-07-22
I've seen a few GSODs from Windows 10--yep, the actual green skin variety--and every single time it happened it was a result of me pushing an overclock too far. Notched back on the offending clock the appropriate number of MHz, and all is well--no more green SODs. I've never seen one in recent memory, however, unless I caused it.
Also, hackers all over the world vy for some Microsoft money awarded to them for "finding flaws." Microsoft gladly pays them for the ones it considers important and legitimate. So I find it somewhat amusing that these hackers get elevated to the grandiose title of "security researchers" whenever a hack is successful. There are lots and lots of hacks that can be accomplished in a machine in which a person has administrator access--especially direct physical access. But when they don't get "recognized" by Microsoft (ie, there's no payday) many of them get "revenge" by publicizing their hacks to all comers. But the fact is that when you have administrator rights and direct physical access, you own the world where that machine is concerned, and at that point the entire OS becomes a "vulnerability." How do these hackers (and I don't say that disparagingly) expect Microsoft to engineer a defense against the gullibility of some people who respond favorably to phishing techniques? Not possible, imo.