In the past, we have mentioned again the dangers that may be posed by the use of a USB we have found on the road. It may contain malicious programs that target your online accounts. A Bitdefender security researcher, Marius Tivadar, underlined the importance of this issue through the proof-of-concept code (Via: CSO Online).
When you place an unknown USB stick on your computer (which contains this code), this malicious code can cause the famous Blue Screen of Death (BSOD) in Microsoft Windows operating systems. The flaw that it exploits in this case has to do with how Windows handles NTFS images.
On page GitHub, Tivadar describes that one can cause BSOD using a "NTFS hand-made image". In addition, this service denial can be enabled by admin, the limited user account or user mode. "It may cause the system to collapse even if it is locked."
Affected versions of Windows (although not limited to) that may be targeting this attack are:
- Windows 7 Enterprise 6.1.7601 SP1, Build 7601 x 64
- Windows 10 Pro 10.0.15063, Build 15063 x64
- Windows 10 Enterprise Evaluation Insider Preview 10.0.16215, Build 16215 x64
The GitHub reference also describes the method of preparing NTFS images. After the attack, auto-play is activated and the system crashes automatically.
If the auto-play takes action, the attack can also take place when the system is locked. Tivadar believes this behavior should be discouraged.
The researcher informed Microsoft about the issue, but the company did not launch a Common Vulnerabilities and Exposures (CVE) nor did it publish an official patch. However, the company repaired the issue at some point without informing Tivadar. As a result, the BSOD code attack is not possible in the recent Windows 10 Build 16299.