Post by hydrophilic on Feb 8, 2018 18:12:34 GMT
I've written a LOT of software for Microsoft systems. Occasionally I can trash my system (due to my own faulty programming). But recently I discovered a "bug" that affects virtually all Microsoft platforms!
Sure, running my own defective code wouldn't qualify as an "exploit".
The sad thing is, this "exploit" doesn't involve code at all. Or at least, not code that I have written!!
I am still investigating, but this seems to be a corrupt FAT file system and/or corrupt MBR.
Either way, this "exploit" will *crash* Windows 95, 98, ME, 2000, XP, Vista, 7, 8, and 10!
Well "crash" is a _slight_ exaggeration. On old (DOS-based) systems (Win 95/98/Me) this will almost certainly crash the whole computer.
On newer Windows (XP/Vista/7/8/10) this will "stall" the system. Any program already running in RAM will continue to function, but after this "exploit" any attempt to read/write any file (the hard-drive or the USB-drive) will "lock" the system.
So any loaded programs which never do any disk read/write will be safe from this exploit. But because many (most?) programs do read/write to disk, they will be affected. Also, once this "bug" is infected, it seems running new programs is prohibited. I really need to investigate this more, but it is very hard because this "exploit" trashes my systems. (I said "systems" because I've tried it on several versions of Windows)
I call this a "Zero-Day Exploit" because none of my operating systems (Win 95~10) detect/report a problem, and on the few systems I have with McAfee Anti-Virus there is never any report of an error / virus / threat.
In other words, it seems neither Microsoft nor McAfee is aware of this exploit. Which makes it a Zero-Day Exploit by my definition.
I'm not saying you can run arbitrary code with this hack (which would be "uber-cool" if possible), but at the very least it is an effective "Denial of Service" attack.
I have not yet tried this on my Linux installs, and I have no way to test this exploit with MacOS. Hopefully those systems are better than 30 years of Microsoft Windows.
-------------------------------------------------------------------
I know at this point all my "talk" just sounds like a lunatic's rant!
And I would love to publish what I have discovered so everyone could comment (positive or negative, I don't care, as long as you are sincere),
but this "exploit" crashes my systems so I can't report the details yet...
I have a Linux "recovery" program that I can try... perhaps that will give me the details of the Zero-Day Exploit!
-------------------------------------------------------------------
Finally, there is a possibility that this "bug" is already known to Microsoft (but poorly/never documented). In which case it would not truly be a "zero-day" exploit. But because even the latest version (Win10) suffers as do older versions (tested Win98/ME), and because commercial software (McAfee) fails to detect the exploit, I (personally) consider it a 0-day hack.
YES I KNOW -- this is the wrong place to discuss MS hacking... but it has such a broad scope (perhaps global) that I felt compelled to share.
And really, I want to know if any other members have discovered "0-Day" exploits?
It could be MS Windows is so full of crap that such exploits are ubiquitous?