UPDATED 22:26 EDT / APRIL 29 2018


Proof-of-concept highlights file system and autoplay vulnerabilities in Windows

A security researcher has published a proof-of-concept attack that can trigger the infamous “blue screen of death” on the current version of Microsoft Windows and on versions as far back as Windows 7.

Detailed by Bitdefender’s Marius Tivadar on GitHub, the PoC exploits a vulnerability in the way Windows handles NTFS file system images, which can be used for a denial-of-service attack.

An attacker can create a malformed NTFS image and place the image on a USB stick. Once the USB stick is inserted into a personal computer running Windows, the system crashes within seconds.

“One can generate blue-screen-of-death using a handcrafted NTFS image,” Tivadar explained. “This Denial of Service type of attack, can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in locked state.”

In a demonstration video, Tivadar showed how easily the PoC works: it is as simple as described.

The primary problem, as described in the documentation, is that autoplay for USB sticks is enabled in Windows by default, meaning that Windows, even while locked, will play whatever is on the USB stick, even when that file is corrupted. This suggests that although the PoC at hand only causes a BSOD crash, the same behavior could allow those with more malicious intent to do more than simply crash a given Windows installation.

Despite Tivadar informing Microsoft of the vulnerability in July, the company declined to label it as an actual vulnerability on the basis that it requires “either physical access or social engineering.”

Tivadar said he decided to go public with the details because he believes that Microsoft should at the very least disable autoplay in the event that the Windows install is locked. “Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine,” he noted.

Photo: Oops4321/Wikimedia Commons
