Find a vulnerability that causes Windows computers to have a 'white screen of death' error
Recently, Eviatar Gerzi has been researching attack methods based on the old story in 2003 that it is possible to execute code through editing the window title. Finally, he discovered that it was possible to attack by quickly changing the window title on PuTTY.
This type of attack causes Gerzi's test machine to enter a state known as the "white screen of death (WSOD)". In that state, everything freezes except the mouse pointer.
When trying the same attack on a local application, the system immediately fell into WSOD because the core of the operating system was overloaded by the calls.
The misused function is called "SetWindowsText", which allows to convert the text of the title bar of the specified window.
The only way to get out of the WSOD state is to restart the computer. Therefore, this attack can be used to generate DoS states across a wide range of applications.
Not only "SetWindowsText" is an abused function, though. With the MobaXterm terminal, the function that is abused to cause an error is GdipDrawString. However, this function only causes errors for the application, not the entire computer like SetWindowsText.
Gerzi confirmed the following Windows terminals are affected by the DoS issue:
- PuTTY - vulnerability CVE-2021-33500 (freezes the whole computer), fixed in version 0.75.
- MobaXterm - vulnerability CVE-2021-28847 (app freeze only) is fixed in version 21.0 preview 3.
- MinTTY (and Cygwin) - vulnerability CVE-2021-28848 (whole computer freeze), fixed in version 3.4.6.
- Git - uses MinTTY, fixed in version 2.30.1
- ZOC - vulnerability CVE-2021-32198 (only freezes the application), no fix yet.
- XSHELL - vulnerability CVE-2021-42095 (freezes the whole computer), fixed in version 7.0.0.76.
Test on web browser
Realizing that most application GUIs use the SetWindowsText function, Gerzi tried to attack popular web browsers like Chrome.
He created an HTML file that could rapidly change the title over and over again, forcing the Chrome browser to freeze. Other browsers using Chrominum kernel such as Edge, Torch, Maxthon, Opera and Vivaldi all froze. Although Firefox and Internet Explorer did not experience the error, performance was also affected.
However, in all cases, the operating system is essentially unaffected by browsers that have a sandbox mechanism. When testing a browser attack inside a virtual machine, this method causes the system to exhaust its resources, leading to a blue screen error.
Feedback from carriers
Google considers the problem that Gerzi reported to be an abuse or stability-related issue, not a security flaw. Meanwhile, Vivaldi blamed the design of Windows 10, which does not limit application memory usage and only uses pagefile (virtual memory) when it runs out of RAM.
Microsoft says it can fix the problem, but it's not far enough to be included in the security update schedule immediately. Microsoft further shared that this problem can only be triggered locally, so the attacker will have to come into contact with the computer. Moreover, due to the nature of the error, which drains resources, the hacker will not be able to trigger anything next and will not be able to exploit beneficial information.
Responding to the above statements, Gerzi said that hackers can remotely trigger the attack by creating a malicious file on the server and then opening it from an unpatched terminal. Hackers may not gain any benefits, but if they hang up at large agencies and corporations at the right time, the damage is also very significant.
You should read it
- Steps to fix white screen error on Windows 10
- How to fix white screen error on iPhone
- How to fix White Screen of Death error in WordPress
- How to fix a Mac with white screen
- Laptop screen error is blank - Causes and solutions
- How to fix white screen on laptop
- In addition to the blue screen of death, there are 8 other types of color screen errors that also make users fear
- Who wrote the 'dead blue screen' message for Windows?
- How to fix Google Play Store white screen error
- How to find the cause of blue screen death and Minidump errors?
- How to transfer computer screen to black and white on Win and macOS
- Prevent 'blue screen errors' on Windows 8
Maybe you are interested
390,000 WordPress Accounts Stolen in Large-Scale Attack
New Microsoft 365 Attack Can Break 2FA
Code Tam Quoc Counterattack VNG receive KNB, FREE Orange General
Warning of new dangerous malware attack campaign targeting Linux
Cloudflare Withstands Record-Breaking 3.8 Tbps DDoS Attack With Automated Protection
What order should I watch Attack on Titan?