A hardware expert has released a proof-of-concept code (PoC) which can crash virtually any Windows computer in a matter of seconds.
The interesting fact about this bug—which is available on GitHub—is that it can crash the machines whether they are active or in a locked state.
In his publication, Marius Tivadar, who works for BitDefender, showed how the code can exploit a particular vulnerability in the way Microsoft handles the NTFS file system.
Windows Auto-Play & the NTFS Bug
This PoC features a distorted NTFS image which users can take and subsequently load on a typical USB thumb drive. Once this USB drive gets in a Windows computer, it crashes its system in mere seconds—causing a BSOD (Blue Screen of Death).
According to Tivadar, the PoC activates “auto-play” by default. He further went on to explain that even in instances where the auto-play has been disabled, inserting the file in a system will still result in it crashing.
This can, for example, occur when the USB stick is entered in a machine, and Windows Defender or any other tool that is opening this USB stick scans it.
Microsoft Dismisses the “Potential Security Bug” Threat
Soon after making this discovery, Tivadar indicates on his GitHub page that he initially tried to make contact with Microsoft about it back in July 2017 to report the bug.
However, it is only after the company refused to acknowledge the discovery as a potential security bug that he decided to announce and share it with the public.
Microsoft downgraded the severity of the bug because to exploit it, either social engineering or physical access is required (deceiving the user).
Tivadar, however, does not seem to agree with this response. In his argument, Tivadar initially outlines that physical access is not the only way to dispatch the bug, arguing that attackers can also use malware to deploy this PoC while afar.
The Bug Is Also Bad News for Locked PCs
Furthermore, Tivadar also outlines that this bug is more severe than Microsoft perceives. This is because the NTFS bug is also active even when the PC is in a locked state. This he especially emphasizes since naturally, the operating system ought not to read any data from any objects inserted in its ports when at this state.
The BitDefender researcher firmly believes that people should avoid inserting any USB volumes/sticks even when a system is in lock mode.
According to him, a system should not be loaded with any driver while in locked mode. Naturally, when a system is locked, even if anyone mounts any external peripherals on the machine, the researcher states that it ought to perform no codes.
To support his claims, Tivadar published two exclusive videos on his Google Photos account displaying this bug crashing PCs in both locked down and active states. He also has another PoC, which is available on his Google Drive account.
Which Windows Systems Are Vulnerable?
Tivadar said several Windows Systems are affected by the bug. They include Windows 7 (Build 7601 x64, Enterprise 6.1.7601 SP1), Windows 10 (Enterprise Evaluation Insider Preview 10.0.16215, Build 16215 x64) Windows 10 Pro (10.0.15063) as well as Windows 10 (Build 15063 x64).
Microsoft has made changes in its latest Windows 10 (build 16299) release, rendering this particular system safe form the NTFS bug.