For now, Microsoft is not going to patch this gap: BSOD in Windows 10 using a pendrive

It seems that Microsoft has a hole in the security of its systems. This applies to both Windows 7 and Windows 10. In July 2017, Marius Tivadar from the scientific team Bitdefender discovered that in Windows operating systems, anyone who has physical access to the computer can call BSOD by connecting a USB memory with special software. The researcher notified Microsoft about the error, but he did not do much about it. Now the expert comes up with details and demonstrates his discovery to raise awareness of the gap.

What makes this exploit dangerous is the fact that BSOD can be enforced even if Windows is blocked. Tivadar comments on the discovery:

You can generate a BSOD using an NTFS image file. A Denial of Service attack (to prevent operation by overloading a machine or application) can be carried out from user mode without administrator rights.

One more reason not to connect unknown USB storage devices

Further verification led to the discovery that the same vulnerability exists in Windows 7 Enterprise, Windows 10 Pro and Windows 10 Enterprise. The attack is possible because the Windows Auto-Play function is enabled by default, which means that the system automatically gives access to the USB drive. As a result, the code found in the NTFS image is run. However, even disabling automatic playback does not completely eliminate the problem.

Any program that tries to access the USB disk (eg automatic system scan by Windows Defender or other anti-virus) will launch the BSOD.

This type of attack can cause extremely large losses, especially if the vulnerability is used in a server operating system.

- comments Mariusz Politowicz , technical engineer at Bitdefender at Marken Systemy Antywirusowe, which is the official representative of the Bitdefender brand in Poland.

So what was Microsoft's reaction to Tivadar's results? According to employees from Redmond - "A lot of noise about nothing". They wrote to the researcher that his discovery relates only to physical access to the computer. Such an error according to the manufacturer's most popular operating system does not meet the requirements to issue a security patch. The Microsoft analyst appreciated Tivadar for revealing the gap. In the feedback message, he hopes that he will continue to test the security of their product.

Tivadar sat quietly for almost a year after his initial response from Microsoft, and apparently he is still not satisfied with the lack of action on this issue. The researcher has published the documentation , example video (above) and the NTFS image file on GitHub .

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.