Researcher Demonstrates USB Stick That Can BSOD Any Windows 10 Device Even If Locked
Click here to post a comment for Researcher Demonstrates USB Stick That Can BSOD Any Windows 10 Device Even If Locked on our message forum
fantaskarsef
I need this thing for when I don't want to work... wait, my current laptop's still on 7 ENT 😀
Kaarme
I've never seen Win10's BSOD. Although I've seen it getting totally jammed and stuck with a static image a whole bunch of times, requiring a hardware reset. But that's probably hardware/driver related, not Win10's fault per se, I imagine.
Viper666
Well i sort of agree with Microsofts decision to downgrade the risk, as requiring psychical access may lead to even more damage by using an USB Killer for example. Why just crash the system when you can destroy it.
FM57
Bounty hunter.
He wants the US$ for the discovery of the flaw and Microsoft refuses to hand him his candy.
David3k
https://github.com/mtivadar/windows10_ntfs_crash_dos
It's actually much worse than you think; It's not a buggy hardware or thumbdrive firmware causing an issue: pretty much any standard USB thumb drive can be turned into this by simply intentionally malforming an NTFS partition (only a partially completed partition, in this case), which is easily done.
The written partition is automatically mounted when the drive is plugged in but the way it is modified causes the filesystem stack to crash, which, unfortunately for Windows, is a kernel component. Why Microsoft has not created filesystem miniports to the kernel and moved the filesystem driver stack into a userland environment is beyond me, considering malformed removeable filesystems has been a cause of many a bluescreen since even before 2003.
The problem here is if it is a full memory dump, that dumpfile can easily be copied with minimal interaction by another automated USB boot drive to replace the "crashing" drive, so it's worse than just breaking the hardware.
The biggest issue here is it doesn't even have to be a USB thumbdrive: since a BSOD memory dump file is readable by any user on the system, they can write a program to launch on user login that sends the latest crashdump to a remote location using the BITS, then proceed to mount a malformed NTFS image. System crashes, memory dump is created, System reboots, and dumpfile is sent on the next login.
All this and not one UAC elevation prompt was required.
EDIT: The worst part about all this is it seems Microsoft outright said they're not going to even fix this issue and everything is working as intended.
Further information and research here: Kaarme
Fox2232
Unless it can force code execution, it is just stupid joke. If I can plug USB to your system, I can hold power button on it too.
reix2x
i would like to see if it affects windows server, i see some applications in a server room. It could be used as a form of sabotage .
asturur
Is not a stupid joke is a stupid OS that crash on broken disks. And this is inadmissible nowadays.
David3k
waltc3
I've seen a few GSOD's from Windows10--yep, the actual green skin variety--and every single time it happened it was a result of me pushing an overclock too far. Notched back on the offending clock the appropriate number of MHz, and all is well--no more green SOD's. I've never seen one in recent memory, however, unless I caused it.
Also, hackers all over the world vy for some Microsoft money awarded to them for "finding flaws." Microsoft gladly pays them for the ones it considers important and legitimate. So I find it somewhat amusing that these hackers get elevated to the grandiose title of "security researchers" whenever a hack is successful. There are lots and lots of hacks that can be accomplished in a machine in which a person has administrator access--especially direct physical access. But when they don't get "recognized" by Microsoft (ie, there's no payday) many of them get "revenge" by publicizing their hacks to all comers. But the fact is that when you have administrator rights and direct physical access, you own the world where that machine is concerned, and at that point the entire OS becomes a "vulnerability." How do these hackers (and I don't say that disparagingly) expect Microsoft to engineer a defense against the gullibility of some people who respond favorably to phishing techniques? Not possible, imo.
Killian38
I tried to Show Microsoft that a 12 gauge shotgun can destroy a laptop running windows 10 and that my wifes macbook was immune Due to her " I'll kill you" stare. Microsoft didn't buy it. Now I have no laptop.
David3k
Killian38
I don't stick stuff in my USB ports that do not belong in them. Nor do I allow Someone else to do so. If you do allow that to happen, you might as well shoot your PC with a shot gun.