A hardware expert from Romania has published a PoC on his Github account that will crash most of Windows computers within seconds of execution of code. The code can crash the operating system even if the computer is locked. The code uses a vulnerability in NTFS filesystem images which was discovered by a security researcher from Bitdefender.
The PoC contains a malformed NTFS image which can be copied to a thumb drive which can be inserted into any computer and make it crash within seconds, causing a Blue Screen of Death.
“Auto-play is activated by default,” Tivadar wrote in a PDF document detailing the bug and its impact.
“Even with auto-play [is] disabled, [the] system will crash when the file is accessed. This can be done for [example,] when Windows Defender scans the USB stick, or any other tool opening it.”
The security researcher Tivadar contacted Microsoft about the bug in July 2017 however they didn’t classify it as a security bug. The company thought the bug was not critical since it requires physical access to the computer or social engineering to trick the user into inserting the USB into his computer. The researcher does say that physical access to the machine is not required as the PoC can be used to deploy using malware.
“I strongly believe that this behavior should be changed, [and] no USB stick/volume should be mounted when the system is locked,” the researcher said. “Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine.”
The researcher published two videos showing the NTFS Bug which intentionally crashes a PC, he has also uploaded the video to his Google Drive account.
Take your time to comment on this article.