Autoplay feature can cause USB drives to trigger BSOD.




     A proof of concept that causes the blue screen of death (BSOD) on Windows devices has been released, along with a video that demonstrates the denial-of-service effect even when the device is locked. Using a custom Windows NT file system (NTFS) image loaded onto a USB stick, security researchers show that it is possible to crash the system simply by inserting the drive into a USB port, without user interaction. AutoPlay is activated by default, which can lead to the system crashing automatically when the USB drive is inserted. Even with AutoPlay disabled, the system will crash when the file is accessed. This can happen when Windows Defender scans the USB drive, even while the device is locked, or when any other tool opens it. If none of the above occurs, the system will crash when the user clicks on the file. While this proof of concept requires physical access to the device with a USB drive, it's possible to code the attack into malware that could be delivered remotely via spam campaigns or even drive-by downloads. Inserting a memory stick triggers the execution of plenty of OS code, such as mounting file systems, even if the computer is locked. This could be dangerous if the file system is customized and aimed at exploiting the OS.

     When researchers reached out to Microsoft with the problem, its security team was initially responsive but was uninterested in issuing a patch. The security flaw was first reported to Microsoft in July 2017. Microsoft offered a short statement in response to a request for comment: "The technique described requires authenticated access to a machine. We encourage customers to always use security best practices, including securing work stations and avoiding leaving laptops and computers unattended."




     FLAME and Stuxnet were spread using physical access, and they caused problems for millions of computers worldwide. Researchers recommend that this behavior be changed: no driver should be loaded and no code should be executed when the system is locked and external peripherals are inserted into the machine.
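
     Since the article notes that AutoPlay is on by default, the following added example (not from the original article or the researchers) is a read-only PowerShell audit of whether AutoPlay is disabled for removable drives on a host. The helper name Get-RegValue is made up for this example; the registry values it reads are standard Windows settings. As the article states, disabling AutoPlay removes only the automatic trigger, and the crash can still occur when the file is accessed.

```powershell
# Added example: read-only audit of AutoPlay/AutoRun settings for removable drives.
# Get-RegValue is a helper defined here; the registry value names are standard Windows settings.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the setting is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = $item.$Name
    # The mask may be stored as REG_BINARY; the drive-type bits are in the first byte.
    if ($value -is [byte[]]) { $value = [int]$value[0] }
    return $value
}

$DRIVE_REMOVABLE = 0x04   # NoDriveTypeAutoRun bit that covers removable drives
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Policy setting ("Turn off AutoPlay"): a set bit disables AutoPlay for that drive type.
$results = @(foreach ($key in $policyKeys) {
    $mask = Get-RegValue -Path $key -Name 'NoDriveTypeAutoRun'
    [pscustomobject]@{
        Setting      = "$key\NoDriveTypeAutoRun"
        Value        = if ($null -eq $mask) { 'not set' } else { '0x{0:X2}' -f $mask }
        RemovableOff = ($null -ne $mask) -and (($mask -band $DRIVE_REMOVABLE) -ne 0)
    }
})

# Per-user toggle ("Use AutoPlay for all media and devices" in Settings): 1 means off.
$userKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
$userOff = Get-RegValue -Path $userKey -Name 'DisableAutoplay'
$results += [pscustomobject]@{
    Setting      = "$userKey\DisableAutoplay"
    Value        = if ($null -eq $userOff) { 'not set' } else { $userOff }
    RemovableOff = ($userOff -eq 1)
}

$results | Format-Table -AutoSize -Wrap

if (-not ($results | Where-Object { $_.RemovableOff })) {
    Write-Warning 'AutoPlay is not disabled for removable drives by any checked setting.'
}
```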