PoC Code Can Crash a Windows System Via a USB Drive
Proof-of-concept (PoC) code was published on GitHub that can be used to crash most Windows operating systems in seconds by exploiting a vulnerability in Microsoft’s handling of NTFS (New Technology File System) images. Placing a malformed NTFS image on a USB drive and plugging it into a targeted Windows system, including those in locked mode, will crash the system and result in the Blue Screen of Death. Even systems with auto-play disabled for removable media will crash when Windows Defender scans the USB drive. The researcher also claims the code could be delivered through malware. While the code works on most Windows operating systems, the vulnerability it exploits appears to be fixed for the most recent Windows 10 release. Because of these risks, the NJCCIC recommends organizations minimize, or possibly eliminate, the use of USB devices and similar removable media. To defend against malware, organizations are encouraged to implement a defense-in-depth cybersecurity strategy, employ the Principle of Least Privilege, establish strong identity and access management controls, including multi-factor authentication, and keep hardware and software up-to-date.