{"id":863,"date":"2014-05-29T07:00:00","date_gmt":"2014-05-29T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2014\/05\/29\/it-rather-involved-being-on-the-other-side-of-this-airtight-hatchway-denial-of-service-by-high-cpu-usage\/"},"modified":"2024-04-17T12:33:39","modified_gmt":"2024-04-17T19:33:39","slug":"20140529-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20140529-00\/?p=863","title":{"rendered":"It rather involved being on the other side of this airtight hatchway: Denial of service by high CPU usage"},"content":{"rendered":"

We received the following security vulnerability report:<\/p>\n

\n

Windows is vulnerable to a denial of service attack that consumes 100% CPU.<\/p>\n

    \n
  1. Use the following procedure to create a file that is enchanted by magic pixie dust: […]<\/li>\n
  2. Rename the file to TEST.EXE<\/code>.<\/li>\n
  3. Execute as many copies of the program as you have CPU cores.<\/li>\n<\/ol>\n

    Observe that CPU usage climbs to 100% and never goes down. This a clear demonstration that Windows is vulnerable to a denial of service attack from magic pixie dust.<\/p>\n<\/blockquote>\n

    The magic pixie dust is a red herring. This vulnerability report is basically saying “If you are allowed to run arbitrary programs, then it is possible to run a program that consumes all the available CPU.”<\/p>\n

    Well, duh.<\/p>\n

    This is another case of if I can run an arbitrary program, then I can do arbitrary things<\/a>, also known as MS07-052: Code execution results in code execution<\/a>. (Or in the lingo of Internet memes<\/a>, “High CPU is high.”)<\/p>\n

    Now, of course, if the magic pixie dust somehow allows a user to do things like access resources they do not have access to, or to circumvent resource usage quotas, then there would be a serious problem here, and if the high CPU usage could be triggered remotely, then there is a potential for a denial-of-service attack. But there was nothing of the sort. Here’s a much less complicated version of magic pixie dust:<\/p>\n

    int __cdecl main(int, char **) { for (;;) { } \/*NOTREACHED*\/ }\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
    You already can do that without doing anything sneaky.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-863","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"
    You already can do that without doing anything sneaky.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=863"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/863\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}