Crashing NT

Reported August 29, 1997 by Martin Stiemerling

Systems Affected

Windows NT 4.0, Server and Workstation with SP3 loaded

The program does not appear to affect NT systems loaded with SP3 and ALL hotfixes.

The Problem

A newly released program (crashnt.exe) originating from Germany demonstrates an ability to crash NT.

The program, developed by Martin Stiemerling, runs in a command window using a single parameter: a drive letter of an NTFS partition. Example command line: crash d:. Martin says the NTFS partition must have at least one file in it for the program to work.

David LeBlanc says he thinks this may be a result of something in the NtFsControlFile() function.

The program appears to be a derivitive of Mark Rossinovich"s NTDefrag program that was, once upon a time, offered up freely on the ntinternals.com Web site - that is, until MS suggested that the site be, shall we say, modified.

Microsoft"s Response:

Unknown as of September 1.

To learn more about new NT security concerns, subscribe to NTSD.

Credit:
Reported by Martin Stiemerling
Posted here at NTSecurity.Net August 31, 1997 11am