Security researchers have found a flaw in Windows that could allow hackers to crash a system when they insert a USB stick with specially crafted code. The problem happens even when Windows is locked.

According to Marius Tivadar, a malware researcher at Bitdefender, there is a flaw in how Windows handles NTFS file system images.

Tivadar published proof-of-concept code on GitHub. He said that “One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack, can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in locked state.”

The researcher posted a couple of videos showing how the code crashes a Windows computer when a USB stick is inserted into it. Seconds later, the dreaded blue screen of death appears. The interesting thing to note here is that the code itself is not malware but a malformed NTFS image.

According to Tivadar, auto-play is activated by default, and “this leads to automatically crashing the system when [a] USB stick is inserted. Even with auto-play disabled, system will crash when the file is accessed. This can be done when Windows Defender scans the USB stick, or any other tool opening it. If none of the above,” then “if the user clicks on the file, [the] system will crash.”

Tivadar said that auto-play behaviour should be changed so that this situation doesn’t happen when the system is locked.

“Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine,” he added.

He said that if the kind of crash was exploitable, and an attacker could load malware even if the system was locked, it could “open thousands of possible scenarios”.

This article originally appeared at scmagazineuk.com


