Expert shows how to trigger blue-screen-of-death on Windows by triggering NTFS flaw

Bitdefender researcher Marius Tivadar has developed a dodgy NTFS file system image that could trigger a blue-screen-of-death when a mount is attempted on Windows 7 and 10 systems.

The Bitdefender expert Marius Tivadar has discovered a vulnerability tied the way Microsoft handles of NTFS filesystem images, he also published a proof-of-concept code on GitHub that could be used to cause Blue Screen of Death within seconds on most Windows computers.

“One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack, can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in locked state.” wrote Tivadar.

The PoC code includes a malformed NTFS image can be stored on a USB thumb drive. Once the user will insert the USB thumb drive in a Windows PC it will crash the system within a few seconds causing a Blue Screen of Death.

Tivadar reported the NTFS issue to Microsoft in July 2017, but the tech giant did not recognize it as a security bug so the expert opted to disclose the flaw.

Microsoft pointed out that the exploitation of the issue requires either physical access, but Tivadar explained that an attacker could use a malware to exploit the PoC code.

Tivadar noticed that the NTFS bug also works while the PC is locked, this is an anomaly because there is no need to mount a USB stick/volume when the system is locked.

“Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine.” the researcher explained.

Tivadar published two PoC videos on his personal Google Photos account and on his Google Drive account.

Pierluigi Paganini

(Security Affairs – NTFS, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]