Sunday, September 27, 2015

Microsoft BSOD error in Windows 8 underscores a vulnerability that could lead users to unknowingly get unwanted content and malware from everyday apps


Last night, while returning from a trip, I happened to look at a tweet with attached images from a particular person, and I decided to save one of them “for my own use” on the hard drive of a Windows 8.1 machine that I use primarily when playing on the road. When I tried to enlarge it by clicking on it (as is normal in Windows Explorer) the machine (a 2014 Toshiba Satellite) displayed the Blue Screen, saying it had to restart because of a “Bad Pool Caller” (Microsoft link). The machine restarted OK (taking a while). Google Chrome said it had not been shut down, and brought up the tweet on restore, and this time the click worked all right. I saved the image.

Later I noticed, in Explorer, that Windows had saved a whole subdirectory of this Twitter user’s images, about 130 of them. The images were innocuous (a few were thumbnails of other users). But what catches my attention is that this is one way unknown content can be stored on an unsuspecting user’s PC, even without P2P.

This appears to have happened because of a coding issue, either in Twitter or Microsoft or both. Instead of loading just one object, it loaded an entire class of objects. It is rather like loading an entire array instead of a single member of the array, as indexed (like in a mainframe application in an older procedural language like COBOL).

Bugs like this do happen when a subscript or index is left out, or not properly initialized, or when they “run away”. This appears to be the result of some “unsafe code” and not malware.

But this kind of vulnerability could allow an attacker to load undetected objects, like malware, onto a user’s machine, even through a well-respected app like Twitter. It could, at least theoretically, even load other illegal content (like child pornography) onto an unsuspecting user’s machine.

I have noticed that other software packages sometimes create folders with miscellaneous objects when loaded. This is true with CDs from instant cameras (as in drug stores) or when Blogger content links are saved manually. Some of the embedded objects do get backed up into the Cloud by Carbonite, for example. This has never caused a direct problem, but it could expose users to security risks from unknown or unwanted content.

I did run a Trend Micro quick scan and it showed no threats. I tried to run a full scan before going to bed and found it would not run while the machine went to sleep, so I'll have to try it when I have time to monitor it for three or four hours.