NTFS Bug Allows Malicious Websites to Bluescreen Windows 7 and 8.1 Systems

Discussion in 'HardForum Tech News' started by Zarathustra[H], May 26, 2017.

  1. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    27,630
    Joined:
    Oct 29, 2000
    Russian site habrahabr.ru has a story up regarding how a new bug found in NTFS allows malformed filenames to bluescreen Windows 7 and 8.1 boxes. (Those of us not of unusual linguistic inclination can access an English version courtesy of Google Translate.) Apparently this issue is made worse by the fact that malicious websites can embed images using this malformed filename format, causing browsers to save it in their image cache and crash.

    If you are somewhat of an old-timer like me, this may sound familiar due to the late 90's C:\con\con bug found in Windows 98.


    When an attempt is made to open a file relative to the $ mft file, the NtfsFindStartingNode function will not find it, because This function performs a search somewhat differently, in contrast to the function NtfsOpenSubdirectory, which finds this file always. Therefore, the loop starts from the root of the file system. Next, the function NtfsOpenSubdirectory will open this file and grab it ERESOURCE exclusively. At the next iteration, the loop will find that the file is not a directory, and therefore will interrupt its operation with an error. And at the end of its work function NtfsCommonCreate through the function NtfsTeardownStructures will try to close it. Function NtfsTeardownStructures, in turn, will face the fact that it can not close the file, because It is opened by the file system itself when it is mounted. In this case, contrary to the expectations of the NtfsCommonCreate function, the NtfsTeardownStructures function will not free the ERESOURCE $ mft file. Thus, he will remain captured forever. Therefore, for example, when you try to create a file or read a volume file, the NTFS file system will try to grab the ERESOURCE $ mft file and hang at this stage forever.
     
    scojer likes this.
  2. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,814
    Joined:
    Nov 1, 2012
    Yet another reason to use windows for surfing.
     
  3. Simmonz

    Simmonz 2[H]4U

    Messages:
    2,506
    Joined:
    May 14, 2008
    Will be interesting if Microsoft bothers to fix this. Windows 8.1 is still in mainstream support and this could count as a security fix for 7 but I wouldn't be surprised if Microsoft did jack to fix it hoping people will move on to 10. Hopefully it makes them want to go Linux instead.
     
  4. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,435
    Joined:
    Jul 16, 2008
    What for?

    Just reformat FAT32 and drive on :ROFLMAO:
     
  5. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    MS doesn't really need to fix this....

    In a recent thread a few windows boosters suggest Linux servers should protect windows users from nasty stuffs.

    So seeing as Googles Chrome Browser doesn't allow websites to link local files like this... I guess a Linux Company is protecting the windows masses in this case. lol
     
    grtitan likes this.
  6. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Since it is a security flaw I'm guessing they'll fix it. The reason why it doesn't work in 10 is because this particular handle was changed and probably a lot of code with it. It's very possible when this code was refactored the flaw was fixed and no one even noticed the flaw to begin with. That's often the case when refactoring code, it can not introduce bugs but fix ones a developer may not even be aware were there. And no this isn't a defense of Microsoft, this is just how software development goes. Anytime code changes there can be unintended side effects, both bad and good.
     
    ManofGod likes this.
  7. blkt

    blkt Gawd

    Messages:
    665
    Joined:
    Oct 9, 2009
    Hey guys, I'm not here to defend Microsoft but here are some possibilities as to the reason why you should be running Windows 10. Edit: This post is a joke, please read the previous post. :rolleyes:
     
    Last edited: May 27, 2017
    heatlesssun likes this.
  8. MV75

    MV75 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Nov 13, 2007
    Oh really? Then why do I get cut off from support when I install the April updates just because I have a 7700 cpu? 8.1 certainly is not in mainstream support.
     
    Mistral, lilbabycat, grtitan and 3 others like this.
  9. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    While I might agree with you in some instances, allow me to go all conspiracy nut on this situation for a moment:

    What IF - that's a big IF so you don't miss it - this suddenly "new" exploit wasn't really new at all and instead was something that Microsoft has known about for a very very long time now because nobody knows the Windows source code better than they do, not even the most talented most creative "hackers" in the world today, and let's wonder what IF (yep) this exploit suddenly made an appearance at a particular point in time when Microsoft has been really pushing the Windows 10 security aspects like they're some freakin' Holy Grail kind of thing (it's really not) and doing pretty much everything they can to get people to stop using Windows 7 and 8.1, and finally what IF (yes, yes) what I'm speculating at here actually was found to be completely true because of the fact that it only affects Windows 7 and 8.1 which are the two products that Microsoft absolutely seems to despise more and more with each passing second because some folks just think those versions of Windows are better for them and the way they choose to use their computers running the Windows operating system?

    I wouldn't put it past them, not for one single damned second, and just because it appears to have been noted and published (for research purposes of course) at a Russian website doesn't mean a certain company based in Redmond, WA, USA, isn't involved on any of several levels in the outing.

    I'm just sayin... :D
     
    dgz, grtitan and Simmonz like this.
  10. BulletDust

    BulletDust [H]ardness Supreme

    Messages:
    6,057
    Joined:
    Feb 17, 2016
    Interesting point if I do say so myself, got me thinking.
     
    Simmonz likes this.
  11. ManofGod

    ManofGod [H]ardForum Junkie

    Messages:
    10,085
    Joined:
    Oct 4, 2007
    Oh quick, look, there is a bug in Windows, GET OUT THE PITCH FORKS! The world is coming to an end and everyone is switching to Linux. /s LOL :D Perhaps the reason these are posted here is so as too inform us of what is going on? Nah, it is for the Linux squad to come in and bash instead. :D Oh well, it certainly is entertaining.
     
    heatlesssun likes this.
  12. Simmonz

    Simmonz 2[H]4U

    Messages:
    2,506
    Joined:
    May 14, 2008
    Oh it's still in mainstream support, Microsoft just doesn't seem to care. They have been screwing people for years, now it's just starting to effect their customers. Fight the power man, don't support them in any way. Leave them, just because they say they hit you because they love you doesn't make it so.
     
    dgz likes this.
  13. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Really? It's a decade old flaw in Windows that was apparently fixed with this code was refactored. That's just not conspiracy theory level material nearly as much as a software development. Is it possible that this was discovered in the refactoring in Microsoft? Perhaps but it's as easy to fix bugs as introduce them in refactoring.

    I get that a lot of folks think I work for Microsoft. I don't think too many of them write code at any level for a living. Shit happens.
     
  14. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    Heatle if you haven't caught on the microsoft employee thing is a joke... and only really funny at this point as it seems to hit a nerve.

    You can claim refactoring code or some such BS for why Windows 10 is immune to this decade old bug. I don't buy it and neither do most people with half a brain.

    MS has been Guilty in the past, as in found guilty in a court... of this exact practice with older operating systems and software. So as much as MS wants to claim that was old MS and behaviour of the old bosses ect ect... BS their actions seem to point to MS being the same Ole MS we all know and love/hate.
     
    Zuul, grtitan and Simmonz like this.
  15. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Really? WannaCrypt was fixed 61 days before the exploit for all Windows 7 users. We deployed the fix one week after the patch and has no issues running Windows 7 at a major bank. Nothing went down as a result of the patch or WannaCrypt to my knowledge. Hitting a major US bank would have been a coup for WannaCrypt and that doesn't have seem to be the case with all of them having large Windows client deployments, mostly still on 7.
     
    Ur_Mom likes this.
  16. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    Well that's nice... I think however he was referring to MS deciding his hardware was to new to operate with a currently "fully" supported operating system.
     
    grtitan likes this.
  17. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    If they fixed it so easily for Windows 10 they could have done exactly the same thing at the same time for Windows 7 and 8.1 which share the same foundational code-base. It is literally a non-issue not even reaching trivial status to do such a thing and release a security update to address it lickety-fucking-split. But no, they didn't do that, but I'll bet you somebody at Redmond is damned sure working on it right now. ;)
     
    grtitan and Simmonz like this.
  18. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Yeah, I'm goddamn tired of it. Fuckers repeating that BS lie are putting me at risk. I don't work for Microsoft and never have and I'm going to shove a stake up the ass of those who say it from now on. It's fucking stupid. I like Windows because it runs my stuff. Why the fuck is that so hard to understand without all of the bullshit? Hell, I'm running Windows 10, but now shouldn't where I last took a shit be flashing somewhere?

    Then you've never written code for use in the real world. This happens all of the time.


    Well duh. But every time a piece of code is touched in Windows is a fucking conspiracy? That's fucking insane.
     
    Ur_Mom likes this.
  19. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    That was his choice. Those versions of Windows were never sold with those CPUs and announced over a year ago not to be supported. And I've said from the beginning I think this was stupid. But the number of people effected by this is less than the number of people running VR under Windows.
     
  20. ManofGod

    ManofGod [H]ardForum Junkie

    Messages:
    10,085
    Joined:
    Oct 4, 2007
    Oh quick, look, there is a bug in Windows, GET OUT THE PITCH FORKS! The world is coming to an end and everyone is switching to Linux. /s LOL :D Perhaps the reason these are posted here is so as too inform us of what is going on? Nah, it is for the Linux squad to come in and bash instead. :D Oh well, it certainly is entertaining.
    Nope, it requires a whole brain to think beyond conspiracy level of thinking, just saying. :) Fact, this is a bug. Fact, it needs to be fixed or an issue may occur. Fact, that is the only information we have. Fiction: this is done on purpose to get people onto Windows 10. Oh well, considering you know nothing of Windows, according to your own admission, I would take anything you consider as true with less than a grain of salt.
     
  21. SvenBent

    SvenBent 2[H]4U

    Messages:
    2,787
    Joined:
    Sep 13, 2008
    Also this is not an issues for Dos 6.22 for the win so we all are better of running dos 6.22 just saying.
     
    blkt, grtitan and ChadD like this.
  22. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    Ok I was going to leave it alone cause clearly your a bit upset.

    Seriously though do you think [H] seriously thinks you work for MS and are going to boot you as a undisclosed vendor or something ? Dude I don't think you have anything to worry about. Let it go and I'm sure we'll drop it... perhaps if we just called you the "resident amature semi-pro MS spin doctor in unpaid training" ?
     
    Zuul and grtitan like this.
  23. ManofGod

    ManofGod [H]ardForum Junkie

    Messages:
    10,085
    Joined:
    Oct 4, 2007
    If they were aware of it before, that is. Bugs are bugs and need to be fixed, throwing conspiracy theories around does not change that fact.
     
    heatlesssun likes this.
  24. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    Know nothing of windows isn't exactly true. I help companies migrate away from windows so yes I am pretty well versed in most thins MS. Do I keep up with ever little bit of MS info of course not.

    I agree this is possibly just a bug they have never seen. I also know how many millions of line their bloated windows code is so the Woops we fixed it ourselves by accident line could perhaps be true. You have to admit though for a lot of years "Woops... we broke our old stuff, and its old so whatever" is a song MS sung a lot. As I said its part of what they where legally finger slapped for. So I am not sure I would use the word "conspiracy" seeing as it so closely describes known past behaviour.

    I would say that it is just as plausible that some manager somewhere said nice fix guys, na don't worry about posting it to be parsed by the Win 8/7 guys its not important.

    So in my mind the odds are right around 50/50 that it was fixed by accident and no one noticed... or that it was noticed and someone still with their old MS pants on just didn't send it down the line for the older windows maintainers.
     
  25. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Refactoring code doesn't mean you see all the flaws in existing code. Nor does it mean the refactored code is easily moved over to older code. Anyone that's written code of an complexity will swear to this. That's not to say that the flaw wasn't discovered and Microsoft ignored it downstream, that's certainly possible. But it's easy to fix and introduce bugs when refactoring without knowing one way or the other. Considering the age of this bug and that many old bugs exist in Windows 10, I thinking it's more about natural process. WannaCrypt was in fixed in Windows 10 as the same time as other versions of Windows and that one was a HUGE hit on Microsoft's image. I just don't get the motivation for Microsoft to fix HUGE bugs for 10 and leave them in other currently support versions.
     
  26. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    You honestly don't get the motivation to get people on Windows 10 and do almost whatever it takes to get people off Windows 7 and 8.1? Did you really just admit that?

    (we need an emoticon for :fucking_baffled: I think) :D
     
    Zuul and grtitan like this.
  27. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    So you help companies move away from Windows. So you don't use Windows or actually help people use Windows. That's fine but understand that you just said you make money moving people away from Windows and fucking lie about me.
     
  28. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Who doesn't get that Microsoft wants everyone to move to the latest version of Windows? That's been the case for almost 3 decades. "Keep running Vista and it'll be just as secure as Windows 7." Nothing that Microsoft ever said or that many would have cared about anyway.
     
  29. MavericK

    MavericK Zero Cool

    Messages:
    28,566
    Joined:
    Sep 2, 2004
    Yeah, you would think that...except not in reality. It's been going on for far longer than was funny.

    No one here needs to shill for MS. People use Windows because it generally just works with very little user effort, and because for the most part, they have to for their sweet, sweet apps and games to work.
     
  30. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    It's FAR more than being upset and it's time to cuss people out over fucking lies. I'm tired of if and the risk fuckers are putting me at. I've never assumed where people in this forum work and it's not like they advertise it. I'm trying to cuss you out personally but I'm done with this shit. Don't use Windows, fine. Like Windows, work for MS. Fuck the hell off.

    Well then I don't work for MS do I?

    So all of this nonsense about working for MS and I don't. I don't know where you work, never asked, don't care, so why the fuck would you talk about where I work? It's just bullshit and yeah, it's time to call it out.
     
    auntjemima likes this.
  31. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    Man your easy to upset. I have joked about you and no one but you takes you work for MS seriously dude so once again relax. lol

    Yes I work with windows plenty... there is almost always either a need to keep a few windows boxes around, or a phase out plan. So yes I know more then nothing but no I don't go to quarterly MS brain wash training sessions either. :)

    Regardless we are way off topic I believe. This show stopper windows 7 8 bug... hopefully gets fixed now that their is attention on it. Believe the "conspiracy" version or the honest mistake/oversight version. Either way hopefully MS gets the fix pushed into a update in a timely manner.
     
  32. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Nope. Please tell me how many times I've said you work for a corporation worth half a trillion dollars jokingly or otherwise? The answer is zero.

    I'm just done with that. I love to debate about things Windows but I'm done with that lie.

    Windows sucks, Linux rules all. You win. But again, say I work for Microsoft and you and anyone else is going to get the cussed out about it. I'm goddamn done with that. Period.
     
    Last edited: May 27, 2017
    auntjemima, ManofGod and Ur_Mom like this.
  33. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    Well it was a joke, and I mistakenly thought you where in on it I guess. I am a bit surprised you believe any mods around here would think you where honestly a MS plant and boot you. Anyway... whatever dude. Ok you don't work for MS. I believe you... always did.

    We can stick to arguing over windows for now on. Please though when we do don't bring up games in arguments in threads that are not game related. Lets leave issues that pertain to business or infrastructure or any other non game computing issue related to on topic arguments. I don't want to hear about your fantastic full room VR setup with 5 towers and the small country you could be powering instead when we are having a conversation about security or purchasing decisions for Health Care providers.

    You cut the BS and so will I.
     
  34. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    That was my first thought.

    That was my second thought.

    Nah, too long and underserved, fanboi, blind fanboi or paid shill are good enough.
     
    BulletDust and ChadD like this.
  35. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    I think you're cool and I apologize for directing my posts at you. But I'm tried of that claim and that's the end of it for me. At some point enough is enough and that's enough.

    Fair enough. It's just that I buy so much hardware that has no Microsoft branding that does so many other things well. Linux folks accuse me of this and that, just go buy a lot of new hardware and tell me how that goes.

    I work in a large business, not Microsoft that runs Windows 7 and tons of other Microsoft products well. So okay, Windows bug, like that's new and Linux is perfect.
     
    Red Falcon and ChadD like this.
  36. Ur_Mom

    Ur_Mom I'm Not Serious

    Messages:
    19,602
    Joined:
    May 15, 2006
    Any business owner that didn't push that would be gone real quick.

    This is business. Moving to the latest and greatest and getting another sale. They keep improving, they want you to move forward and not stay in the past. They have no obligation to support old products.

    Why isn't my Mac Classic able to upgrade to OSX? Hell, why isn't my Mac Pro able to upgrade past Lion?

    People are always bitching about Microsoft trying to push Windows 10 to consumers. This is business. This is and always has been how it's done. They push the new version, the new product, and the older ones lose support. This should not come as a surprise to anyone.
     
    auntjemima and heatlesssun like this.
  37. BryanSTG

    BryanSTG Gawd

    Messages:
    778
    Joined:
    Jul 29, 2009
    Microsoft is not just pushing Windows 10, they are actively sabotaging older versions.
     
    naib, ChadD, lilbabycat and 2 others like this.
  38. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    Oh, well, it came as a big rude fucking surprise to a lot of people when owners of computers running Windows 7, 8, and 8.1 went to bed one evening or night and woke up the next morning or day and discovered "Wait, what, how the hell did Windows 10 install itself on my machine when I didn't want it and even went so far as to make sure I expressly and specifically chose the option in that stupid fucking Windows Update that I did not want to upgrade to Windows 10..." or words to that effect.

    That's the difference here: Microsoft has done things that are obviously going way way over a line that no other such company has breached in my experience of working with personal computers for 4+ decades now. They did something that is easily and accurately described as malicious by my definition and usage of the word - people decided they didn't want Windows 10 and clicked a button that should have CLOSED the upgrade application since it used the all too familiar and Windows standard "X" gadget in the upper right hand corner of the dialogue window that appeared and what happened: the upgrade process was started.

    That's malicious, by any definition, and absolutely deceptive to have modified their own industry standard UI design principles for the express purpose of doing something exactly 180 degrees the opposite of what that button was designed to do and in this case it caused an automatic upgrade to Windows 10 when the purpose of the end user clicking that button was to answer "No, I don't want this, don't do this..."

    It's not business in that respect, it's immoral and downright wrong, period.
     
    Zuul, dangerouseddy and grtitan like this.
  39. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    Simple, the hardware simply cant run it.

    Some Pros lacked a proper UFI, Pros 4.1 got a raw deal.

    That we get, but ms has abused their monopoly before and is doing it now by setting up some fake and granted bullshit driven block on w7, 8 and 8.1 so we the victims have no choice but to move to w10, which, in my opinion, doesn't really add much that requires me and others to move to, besides the artificial barriers, like dx12 (which i hope gets obliterated by vulkan).

    And as others expressed, plenty just dont trust w10 and would be happy and ok running lesser versions or better yet, if the software they need was there, linux.
     
  40. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Windows 10 is a ridiculous OS. It is a kitchen sink OS that attempts to do everything. When you use it with enough hardware one in place like this gets that. It's not just tying to be for games or VR or anything specific. It an attempt to do everything. It's a brilliant piece of software but far from perfect. But seriously, what really even begins to approach it on x86? Windows 10 is too complex in many ways.