Zen Managed ServicesZen Managed ServicesZen Managed ServicesZen Managed Services
  • Services
    • Domain Names
    • Managed Cyber Security
    • Secure VPN
    • Hosting
      • Managed WordPress Hosting
      • ColdFusion Hosting
      • Lucee Hosting
      • SmarterMail Hosting
    • Migration Services
    • Managed WordPress
    • Email Filtering & Archiving
    • Acronis Cloud Backup
  • Support
    • Open Ticket
    • Knowledgebase
    • News/Announcements
  • BLOG
  • Contact
  • Clients
    • Client Area
    • Hosting Control Panel
    • RMM Dashboard

Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1

    Home Security Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1
    NextPrevious

    Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1

    By russmichaels | Security | 0 comment | 30 May, 2017 | 0

    Until Microsoft patches this problem, use Chrome: a slip in file path handling allows an attacker to crash Windows 7 and Windows 8.1 with a simple file call.

    The bug is triggered if Windows’ Master File Table is included in a directory path – for example, if the attacker included $MFT as a link to an image in a Website.

    “Anatolymik” of Alladin Information Security in Russia lays claim to the discovery here (in Russian).

    $MFT is supposed to be protected from user access, for good reason: every file on an NTFS volume has a reference in the MFT.

    What the researchers discovered is that if you try to access a file like c:\$MFT\foo, the NTFS (NT file system) locks $MFT and doesn’t release it: “it will be captured forever,” the post states. “Therefore, for example, when trying to create a file or read the volume of files, NTFS attempts to seize ERESOURCE $ mft file and will hang at this stage forever.”

    As Bleeping Computer notes, Chrome users can’t be remotely attacked, because it recognises and blocks images with malformed paths. Both Internet Explorer and Firefox, however, are vulnerable. ®

    No tags.

    russmichaels

    More posts by russmichaels

    Related Posts

    • 7 ways to defend your network from fatal DDoS attacks

      7 ways to defend your network from fatal DDoS attacks

      By russmichaels | 0 comment

      Distributed Denial of Service Attacks (DDoS) are quite different than how they used to be. In the past, DDoS attacks involved sending as much traffic and data as possible to a network or server, withRead more

    • New Gmail security features to protect you from phishing and ransomware

      By russmichaels | 0 comment

      Google is rolling out new security features to help organizations halt email as the attack vector for ransomware. While mass ransomware attacks have become less frequent, targeted attacks are on the rise and causing majorRead more

    • cybersecurity

      Updates to our Cybersecurity solution

      By russmichaels | 0 comment

      Bitdefender has recently released Anti-Exploit, Ransomware Vaccine and Zero Day protection to their Gravity zone product. Anti-Exploit provides on-execution protection against exploit attempts targeting known and unknown vulnerabilities in commonly used applications, such as browser,Read more

    • How to make your Website GDPR compliant

      By russmichaels | 0 comment

      Beginning May 25, 2018, The  GDPR says that users have complete control over their data, and you have to tell them why you need it. At which point, they can give the go-ahead or not.Read more

    • Severe Drupal core remote code execution vulnerability

      By russmichaels | 0 comment

      This morning we are publishing a public service announcement about a severe Drupal core remote code execution vulnerability announced yesterday. If you use Drupal or know someone who does, I’d encourage you to read this post andRead more

    NextPrevious

    Categories

    • News
    • Products & Services
    • Security
    • Tutorials
    • Uncategorized

    Recent Posts

    • 7 ways to defend your network from fatal DDoS attacks
    • New Gmail security features to protect you from phishing and ransomware
    • Updates to our Cybersecurity solution
    • DON’T MISS OUT! – Last chance to claim your .uk domain name
    • How to make your Website GDPR compliant

    Recent Comments

      Archives

      • November 2020
      • June 2019
      • April 2018
      • March 2018
      • November 2017
      • September 2017
      • August 2017
      • July 2017
      • June 2017
      • May 2017
      • April 2017
      • March 2017
      • February 2017
        Legal Documents
      • Hosting Master Service Agreement
      • Terms & Conditions
      • Privacy Policy
      • Services
        • Domain Names
        • Managed Cyber Security
        • Secure VPN
        • Hosting
          • Managed WordPress Hosting
          • ColdFusion Hosting
          • Lucee Hosting
          • SmarterMail Hosting
        • Migration Services
        • Managed WordPress
        • Email Filtering & Archiving
        • Acronis Cloud Backup
      • Support
        • Open Ticket
        • Knowledgebase
        • News/Announcements
      • BLOG
      • Contact
      • Clients
        • Client Area
        • Hosting Control Panel
        • RMM Dashboard
      Zen Managed Services