tao Posted May 11, 2018 Share Posted May 11, 2018 A bug causing Windows machines to crash when a USB drive is inserted won’t get a patch from Microsoft, despite the issue said to be affecting all versions of the operating system, including the newly-launched April 2018 Update. Security researcher Marius Tivadar says in a post on GitHub that he first reported the problem to Microsoft in July 2017 after discovering that a USB drive running a handcrafted NTFS image can cause any system to crash even if locked. “Microsoft was very responsive regarding my disclosure 1 year ago, but they didn’t issue a security patch,” Tivadar explains. While the bug can only generate a BSOD on the target host, the security researcher describes it as a denial of service. “Inserting a memory stick when a computer is in a locked state triggers the execution of a lot of OS code, such as mounting file systems. This could be dangerous if the file system is handcrafted and aimed at exploiting the OS. This behavior should be changed for any operating system,” he says. No fix (just yet) Microsoft, however, won’t issue a security fix for this bug, explaining in a private conversation with Tivadar that because the report requires “either physical access or social engineering” it can’t receive a CVE and get a patch. The bug exists in all Windows versions, and the security researcher has managed to reproduce it in Windows XP, Windows 7 Enterprise, and various releases of Windows 10, including the April 2018 Update. “Fortunately, this bug can generate a BSOD and nothing more. It cannot be weaponized. Still, in some scenarios, a blue-screen-of-death could be unacceptable,” the researcher explains. Microsoft hasn’t offered a public statement on this bug, and it’s still not known whether a fix is on its way or not. We have reached out to the company for more information and will update the article when and if an answer is offered. < Here > Link to comment Share on other sites More sharing options...
LeeSmithG Posted May 11, 2018 Share Posted May 11, 2018 M$ should release a patch, it's their duty. We buy their operating system(s) then they have a duty of care to deal with problems, like if you purchase hardware like a car and it develops a fault then seller should fix it. Windows 10 Pro has given me four (4) b.s.o.d. in past year, I got three (3) when typing via keyboard and it's a M$ keyboard. Link to comment Share on other sites More sharing options...
Jogs Posted May 11, 2018 Share Posted May 11, 2018 MS shouldn't be blamed here at all, because they are not competent enough to make a patch. Link to comment Share on other sites More sharing options...
Reefa Posted May 12, 2018 Share Posted May 12, 2018 Thread moved from general news... Link to comment Share on other sites More sharing options...
meohmy Posted May 12, 2018 Share Posted May 12, 2018 Just updated my spare computer and it will now not boot up, starts booting and stays on blue screen with the message 'waiting' and it's been like that for 24hours. Tried doing a repair from the install disk and failed, tried to do a system restore and failed, tried to repair MBR which showed as success but still no bootup. Seems I will have to delete the partition and start again so its a good job I can still access the hdd using using sergei's boot disk. I am running a genuine win 10 pro and this is the second time this has happened on the same p.c with a ms feature update. Link to comment Share on other sites More sharing options...
virge Posted May 12, 2018 Share Posted May 12, 2018 On 5/11/2018 at 9:18 AM, adi said: “Inserting a memory stick when a computer is in a locked state triggers the execution of a lot of OS code, such as mounting file systems. This could be dangerous if the file system is handcrafted and aimed at exploiting the OS. This behavior should be changed for any operating system,” he say. 1 Disable AutoRun/AutoPlay is the fix. Link to comment Share on other sites More sharing options...
straycat19 Posted May 12, 2018 Share Posted May 12, 2018 On 5/11/2018 at 8:18 AM, adi said: managed to reproduce it in Windows XP, Windows 7 Enterprise, and various releases of Windows 10 I have tried this on my Windows 7 Enterprise, Pro, and Ultimate systems and my Windows 8.1 systems, along with my lone Windows 10 Ockel Sirius Pro A and it doesn't work on any of them. Probably because of my security settings. Autorun/AutoPlay is not disabled on any of them. Link to comment Share on other sites More sharing options...
byntf Posted May 14, 2018 Share Posted May 14, 2018 On 5/11/2018 at 8:58 AM, LeeSmithG said: Windows 10 Pro has given me four (4) b.s.o.d. in past year Only three?!! Can I borrow your Lucky Charms? Link to comment Share on other sites More sharing options...
Archanus Posted May 14, 2018 Share Posted May 14, 2018 I don't what happen with Microsoft ... the f*ckin people in Twitter (Dona N1gga Sarkar, Jen Old-Gentleman, Steve Fat Ballmer) said the "this is the best Windows ever" That people are completely crazy, blind or evil ??? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.