A ‘Blue Screen of Death’ Comeback

Thursday, December 22, 2011 @ 11:12 AM gHale


From the gone-but-not-forgotten department: under the right circumstances, the ‘blue screen of death’ could be coming back, thanks to an unpatched critical flaw in 64-bit Windows 7 that leaves computers vulnerable to a system crash.

The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, said security firm Secunia. The 32-bit version of Windows 7 is immune to the flaw, which comes down to win32k.sys, the operating system file that contains the kernel portion of the Windows user interface and related infrastructure.


Proof-of-concept code showing how to crash vulnerable Win 7 boxes has leaked out. The simple HTML script, when opened in Apple’s Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.

The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is the spark for the system crash via HTML, a modern operating system should not allow user-mode applications to bring down the machine.

Microsoft is now investigating the vulnerability, which first came from a Twitter user. The software giant is racing against hackers who are tracing the code execution path to discover the underlying vulnerability in Windows 7.


