Decade-Old Windows Flaw Results in Blue Screen of Death

A recently discovered decade-old denial-of-service condition could cause the instantaneous crash of a system and present users with the now-infamous blue screen of death, says a group of researchers.

The condition was discovered this week by a collection of researchers in Malta, the tiny southern European archipelago in the middle of the Mediterranean. According to Paul Gafa, CTO of 2X Software, if a user launches an application containing the malicious code, they could find their systems crashed.

"You can be the least privileged user on the system and still crash it," Gafa said. (Source: scmagazineus.com)

System Overload Could Crash Windows

A distributed denial-of-service (DDoS) attack takes place when several compromised computer systems focus an attack on an individual target (destination) PC. A flood of incoming messages to the targeted system overloads it, preventing legitimate users from being able to access the intended destination. (Source: techtarget.com)

Gafa and his team stumbled upon the flaw while constructing a software testing application. The 2X Software executive believes it's not a particularly difficult issue to resolve.

"I believe it is very easy for Microsoft to sort it out... They just need to validate arguments passed to Windows APIs (application programming interfaces)."

Flaw Dates Back to Windows 2000

The vulnerability is not a new one, Gafa says. In fact, his team is sure it's present in every version of Microsoft's Windows operating systems going back to the mostly forgotten Windows 2000.

Microsoft has taken the time to comment on the issue, but presently is dismissing the threat because of the difficulty presented to any hacker trying to exploit the flaw.

"Our initial assessment of the report is that malicious code would have to already be running or a user would have to be able to run a specially crafted application to cause the system to crash," a Microsoft spokesperson noted earlier this week. "In either case, the system has already been compromised or the user has rights to logon to the system."