Misplaced Pages

BlueKeep

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
#645354

67-508: BlueKeep ( CVE - 2019-0708 ) is a security vulnerability that was discovered in Microsoft 's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution . First reported in May 2019, it is present in all unpatched Windows NT-based versions of Microsoft Windows from Windows 2000 through Windows Server 2008 R2 and Windows 7 . Microsoft issued

134-456: A MIPS OS box and SlickEdit for programming so that the firmware and editor both displayed white text on a blue background, making it for a more consistent programming experience. BSoDs originally showed silver text on a royal blue background with information about current memory values and register values. Starting with Windows Server 2012 (released in September 2012), Windows adopted

201-495: A black screen of death instead of a blue one. Some versions of macOS (notably OS X Lion ) display a black screen of death instead of a kernel panic, usually pointed to a graphics card or sleep/wake issue. The Xbox series of consoles (which includes the original Xbox , Xbox 360 , Xbox One and the Xbox Series X/S ) also display a black screen upon hardware or software error. Beta versions of Windows 98 display

268-471: A cerulean background. Windows 11 initially used a black background but later switched to a dark blue background starting with build 22000.348. Preview builds of Windows 10, Windows 11, and Windows Server (available from the Windows Insider program) feature a dark green background instead of a blue one. Windows 3.1, 95, and 98 supports customizing the color of the screen whereas the color

335-563: A memory dump file when a stop error occurs. Depending on the OS version, there may be several formats this can be saved in, ranging from a 64kB "minidump" (introduced in Windows 2000) to a "complete dump" which is effectively a copy of the entire contents of physical memory ( RAM ). The resulting memory dump file may be debugged later, using a kernel debugger . For Windows, WinDBG or KD debuggers from Debugging Tools for Windows are used. A debugger

402-457: A BSoD occurs when the system attempts to access the file " c:\con\con ", " c:\aux\aux ", or " c:\prn\prn " on the hard drive. This could be inserted on a website to crash visitors' machines as a prank. In reality, however, they are reserved device names for DOS systems; attempting to access them from Windows causes a crash, which in turn brings up said BSoD. Creating the aforementioned directories within Windows will also not work and may cause

469-414: A British security company, reported on a working example of such a PoC, in order to emphasize the urgent need to patch the vulnerability. On 22 July 2019, more details of an exploit were purportedly revealed by a conference speaker from a Chinese security firm. On 25 July 2019, computer experts reported that a commercial version of the exploit may have been available. On 31 July 2019, computer experts reported

536-546: A CNA requests a block of CVE numbers in advance (e.g., Red Hat currently requests CVEs in blocks of 500), the CVE number will be marked as reserved even though the CVE itself may not be assigned by the CNA for some time. Until the CVE is assigned, Mitre is made aware of it (i.e., the embargo passes and the issue is made public), and Mitre has researched the issue and written a description of it, entries will show up as "** RESERVED **". This

603-546: A CVE Numbering Authority (CNA). While some vendors acted as a CNA before, the name and designation was not created until February 1, 2005. There are three primary types of CVE number assignments: When investigating a vulnerability or potential vulnerability it helps to acquire a CVE number early on. CVE numbers may not appear in the MITRE or NVD CVE databases for some time (days, weeks, months or potentially years) due to issues that are embargoed (the CVE number has been assigned but

670-434: A CVE assignment at first place – a decision which Mitre can't reverse. The "!CVE" (not CVE) project, announced in 2023, aims to collect vulnerabilities that are denied by vendors, so long as they are considered valid by a panel of experts from the project. CVE identifiers have been awarded for bogus issues and issues without security consequences. In response, a number of open-source projects have themselves applied to become

737-480: A critical condition where it can no longer operate safely. Possible issues that may cause a BSoD include hardware failures, an issue with or without a device driver, viruses , malware , and other factors. Blue error screens have existed since the first beta release of Windows 1.0 ; if Windows found a different DOS version than it expected, the error message "Incorrect DOS version" alongside other text messages detailing what check failed to pass would be appended to

SECTION 10

#1732780301646

804-420: A dozen significant sites had included other embellished or invented details in their stories, including incorrectly naming Chen as a Microsoft executive, treating Chen as an "official company spokesperson", and using unrelated images from Windows NT or Windows 95 as illustrations. In addition, he pointed out that a special mention for the worst single distortion belonged to BGR (Boy Genius Report), who "fabricated

871-479: A mass scale was reported, and included an unsuccessful cryptojacking mission. On 8 November 2019, Microsoft confirmed a BlueKeep attack, and urged users to immediately patch their Windows systems. The RDP protocol uses "virtual channels", configured before authentication, as a data path between the client and server for providing extensions. RDP 5.1 defines 32 "static" virtual channels, and "dynamic" virtual channels are contained within one of these static channels. If

938-401: A minimum of four digits. CVE attempts to assign one CVE per security issue; however, in many cases this would lead to an extremely large number of CVEs (e.g., where several dozen cross-site scripting vulnerabilities are found in a PHP application due to lack of use of htmlspecialchars() or the insecure creation of files in /tmp ). To deal with this, guidelines (subject to change) cover

1005-481: A red error screen raised by the Advanced Configuration and Power Interface (ACPI) when the host computer's BIOS encounters a problem. The bootloader of the first beta version of Windows Vista originally displayed a red screen background in the event of a boot failure. As mentioned earlier, the insider builds of Windows 10 and later, as well as Windows Server 2016 and later, display

1072-533: A scenario and posited it as real" in a rhetorical question to readers. He also found that several sources had conflated the creation of the BSoD with the fact that they occur, thus inverting cause and effect by implying that the invention of BSoDs caused fatal errors to occur instead of their actual, helpful function of giving the user information about a fatal error after the system has already become unrecoverable (such incorrect sources transitively blamed Ballmer for

1139-400: A security patch (including an out-of-band update for several versions of Windows that have reached their end-of-life, such as Windows XP ) on 14 May 2019. On 13 August 2019, related BlueKeep security vulnerabilities, collectively named DejaBlue , were reported to affect newer Windows versions, including Windows 7 and all recent versions up to Windows 10 of the operating system, as well as

1206-644: A server binds the virtual channel "MS_T120" (a channel for which there is no legitimate reason for a client to connect to) with a static channel other than 31, heap corruption occurs that allows for arbitrary code execution at the system level. Windows XP , Windows Vista , Windows 7 , Windows Server 2003 , Windows Server 2008 , and Windows Server 2008 R2 were named by Microsoft as being vulnerable to this attack. Versions newer than 7, such as Windows 8 , Windows 10 and Windows 11 , were not affected. The Cybersecurity and Infrastructure Security Agency stated that it had also successfully achieved code execution via

1273-505: A significant increase in malicious RDP activity and warned, based on histories of exploits from similar vulnerabilities, that an active exploit of the BlueKeep vulnerability in the wild might be imminent. On 13 August 2019, related BlueKeep security vulnerabilities, collectively named DejaBlue , were reported to affect newer Windows versions, including Windows 7 and all recent versions of the operating system up to Windows 10 , as well as

1340-410: A status of "candidate" ("CAN-") and could then be promoted to entries ("CVE-"), but this practice was ended in 2005 and all identifiers are now assigned as CVEs. The assignment of a CVE number is not a guarantee that it will become an official CVE entry (e.g., a CVE may be improperly assigned to an issue which is not a security vulnerability, or which duplicates an existing entry). CVEs are assigned by

1407-576: A text-mode screen for displaying important system messages, usually from digital device drivers in 386 Enhanced Mode or other situations where a program could not run. Windows 3.1 changed the color of this screen from black to blue. It also displays a blue screen when the user presses the Ctrl+Alt+Delete key combination to bring up a rudimentary task manager , reserved for quitting any unresponsive programs if they are available. As with prior versions, Windows 3.x exits to DOS if an error condition

SECTION 20

#1732780301646

1474-539: A theoretical attack could be of a similar scale to EternalBlue -based attacks such as NotPetya and WannaCry . On the same day as the NSA advisory, researchers of the CERT Coordination Center disclosed a separate RDP -related security issue in the Windows 10 May 2019 Update and Windows Server 2019 , citing a new behaviour where RDP Network Level Authentication (NLA) login credentials are cached on

1541-503: Is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE's common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization's security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate

1608-417: Is a standardized text description of the issue(s). One common entry is: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. This means that the entry number has been reserved by Mitre for an issue or a CNA has reserved the number. So when

1675-527: Is hard-coded in the Windows NT family . Windows 95, 98, and Me render their BSoDs in the 80×25 text mode with a 720×400 screen resolution. BSoDs in the Windows NT family initially used the 80×50 text mode with a 720×400 screen resolution, but changed to use the 640×480 screen resolution starting with Windows 2000 up to 7. Windows 2000 used its built-in kernel mode font, Windows XP, Vista, and 7 use

1742-422: Is included in the "publicly released" category, but custom-built software that is not distributed would generally not be given a CVE. Additionally services (e.g., a Web-based email provider) are not assigned CVEs for vulnerabilities found in the service (e.g., an XSS vulnerability) unless the issue exists in an underlying software product that is publicly distributed. The CVE database contains several fields: This

1809-404: Is necessary to obtain a stack trace, and may be required to ascertain the true cause of the problem; as the information on-screen is limited and thus possibly misleading, it may hide the true source of the error. By default, Windows XP is configured to save only a 64kB minidump when it encounters a stop error, and to then automatically reboot the computer. Because this process happens very quickly,

1876-440: Is officially tracked as: CVE- 2019-0708 and is a " wormable " remote code execution vulnerability. Both the U.S. National Security Agency (which issued its own advisory on the vulnerability on 4 June 2019) and Microsoft stated that this vulnerability could potentially be used by self-propagating worms , with Microsoft (based on a security researcher's estimation that nearly 1 million devices were vulnerable) saying that such

1943-549: Is severe enough. The first Blue Screen of Death appeared in Windows NT 3.1 (the first version of the Windows NT family, released in 1993), and later appeared on all Windows operating systems released afterwards. The error screens started with *** STOP: in its earlier iterations, hence it became known as a "stop error." BSoDs can be caused by poorly written device drivers or malfunctioning hardware, such as faulty memory , power supply issues, overheating of components, or hardware running beyond its specification limits. In

2010-547: Is the date the entry was created. For CVEs assigned directly by Mitre, this is the date Mitre created the CVE entry. For CVEs assigned by CNAs (e.g., Microsoft, Oracle, HP, Red Hat) this is also the date that was created by Mitre, not by the CNA. When a CNA requests a block of CVE numbers in advance (e.g., Red Hat currently requests CVEs in blocks of 500) the entry date that CVE is assigned to the CNA. The following fields were previously used in CVE records, but are no longer used. In order to support CVE ID's beyond CVE-YEAR-9999 (aka

2077-429: Is unplanned, and the user is not given an opportunity to save their work. The text on the error screen contains the code of the error and its symbolic name (e.g. "0x0000001E, KMODE_EXCEPTION_NOT_HANDLED") along with four error-dependent values in parentheses that are there to help software engineers fix the problem that occurred. Depending on the error code, it may display the address where the problem occurred, along with

BlueKeep - Misplaced Pages Continue

2144-540: The Lucida Console font, and Windows 8 and Windows Server 2012 used the Segoe UI font. BSoDs on Windows 8 and Windows Server 2012 are rendered in higher resolutions than previous versions of Windows, where it uses the highest screen resolution available on UEFI machines. On legacy BIOS machines, they use the 1024×768 resolution by default, but they can also be configured to use the highest resolution available (via

2211-786: The Windows 9x operating systems, incompatible DLLs or bugs in the operating system kernel could also cause BSoDs. Because of the instability and lack of memory protection in Windows 9x OSes, BSoDs were much more common. The Windows Embedded Compact (formerly known as Windows CE) line of embedded operating systems do not contain a Blue Screen of Death. On September 4, 2014, several online journals such as Business Insider , DailyTech , Engadget , Gizmodo , Lifehacker , Neowin , Softpedia , TechSpot , Boy Genius Report ( BGR ), The Register , and The Verge , as well as print and non-English sources like PC Authority and Austrian tech site FutureZone all attributed

2278-620: The kernel panic featured within Linux (see below), it is used in the event of a boot failure. Stop errors are comparable to kernel panics in macOS , Linux , and other Unix-like systems, and to bugchecks in OpenVMS . ReactOS , an open-source operating system designed to achieve binary compatibility with Windows, implements a version of the Blue Screen of Death similar to that used in Windows NT operating systems. Windows 3.1 displays

2345-479: The ' highestmode ' parameter in Boot Configuration Data ). Windows 10 builds 14316 and up uses the same format as Windows 8, but has a QR code which leads to a Microsoft Support web page that tries to help users troubleshoot the issue step-by-step. This format was retained in Windows 11. In the Windows NT family of operating systems, the blue screen of death (referred to as " bug check " in

2412-514: The 'CVE10k problem' ) a change was made to the CVE syntax in 2014 and took effect on Jan 13, 2015. The new CVE-ID syntax is variable length and includes: CVE prefix + Year + Arbitrary Digits The variable-length arbitrary digits will begin at four fixed digits and expand with arbitrary digits only when needed in a calendar year; for example, CVE-YYYY-NNNN and if needed CVE-YYYY-NNNNN, CVE-YYYY-NNNNNN, and so on. This also means no changes will be needed to previously assigned CVE-IDs, which all include

2479-543: The CVE Numbering Authority (CNA) of their own project. Blue screen of death The blue screen of death (also known as BSoD , blue screen error , blue screen , fatal error or bugcheck , and officially known as a stop error ) is a critical error screen displayed by the Microsoft Windows operating systems. It indicates a system crash , in which the operating system reaches

2546-577: The RDP issue less of a vulnerability. However, the best protection is to take RDP off the Internet: switch RDP off if not needed and, if needed, make RDP accessible only via a VPN . CVE (identifier) The Common Vulnerabilities and Exposures ( CVE ) system provides a reference method for publicly known information-security vulnerabilities and exposures. The United States' National Cybersecurity FFRDC , operated by The MITRE Corporation , maintains

2613-410: The Windows software development kit and driver development kit documentation) occurs when the kernel or a driver running in kernel mode encounters an error from which it cannot recover. This is usually caused by an illegal operation being performed. The only safe action the operating system can take in this situation is to restart the computer . Because of this, data loss may occur since the restart

2680-487: The above in favor of the error name and a concise description. Windows 8 also added a sad emoticon, which is absent on Japanese versions or Server counterparts. The hexadecimal error code and parameters can still be found in the Windows Event Log or in memory dumps , however the "Fatal System Error" BSoDs (which have also changed since Windows Server 2012) had the hexadecimal error code "0xc000021a" in place of

2747-402: The aforementioned "MS_T120" channel to always be bound to 31 even if requested otherwise by an RDP server. The NSA recommended additional measures, such as disabling Remote Desktop Services and its associated port ( TCP 3389) if it is not being used, and requiring Network Level Authentication (NLA) for RDP. According to computer security company Sophos , two-factor authentication may make

BlueKeep - Misplaced Pages Continue

2814-486: The blue screen may be seen only for an instant or not at all. Users have sometimes noted this as a random reboot rather than a traditional stop error, and are only aware of an issue after Windows reboots and displays a notification that it has recovered from a serious error. This happens only when the computer has a function called "Auto Restart" enabled, which can be disabled in the Control Panel which in turn shows

2881-421: The boot screen before starting normally. This function still exists in the final release (version 1.01); however, due to the remaining detailed text messages being removed, the screen mostly prints out random characters instead. This is not a crash screen, however; upon crashing, Windows 1.0 would simply lock up or exit to DOS. This behavior is also present in Windows 2.0 and Windows 2.1 . Windows 3.0 uses

2948-466: The client system, and the user can re-gain access to their RDP connection automatically if their network connection is interrupted. Microsoft dismissed this vulnerability as being intended behaviour, and it can be disabled via Group Policy . As of 1 June 2019, no active malware of the vulnerability seemed to be publicly known; however, undisclosed proof of concept (PoC) codes exploiting the vulnerability may have been available. On 1 July 2019, Sophos ,

3015-486: The creation of the Blue Screen of Death to Steve Ballmer , Microsoft's former CEO . Their articles cited a blog post by Microsoft employee Raymond Chen entitled "Who wrote the text for the Ctrl+Alt+Del dialog in Windows 3.1?", specifically focusing on the creation of the first rudimentary task manager in Windows 3.x. This aforementioned task manager shared some visual similarities with a BSOD, with Ballmer writing

3082-440: The crowd and Gates replied (after a nervous pause): "That must be why we're not shipping Windows 98 yet." systemd , a software suite providing system components for Linux operating systems, implements a blue screen of death similar to that of Microsoft Windows using a systemd unit called systemd-bsod since August 2023, which was fully added on December 6, 2023 starting with version 255 of systemd. While it does not fully replace

3149-422: The driver which is loaded at that address. Under Windows NT, the second and third sections of the screen may contain information on all loaded drivers and a stack dump, respectively. The driver information is in three columns; the first lists the base address of the driver, the second lists the driver's creation date (as a Unix timestamp ), and the third lists the name of the driver. By default, Windows will create

3216-421: The error name. Since Windows 10 build 14316, the screen features a QR code for quick troubleshooting, and from Windows 10 v2004 onwards, the references to "PC" are changed to "device". The Windows 9x line of operating systems used the Blue Screen of Death as the main way for virtual device drivers to report errors to the user. This version of the BSoD, internally referred to as " _VWIN32_FaultPopup ", gives

3283-412: The error number and its nature, all, some, or even none of the parameters contain data pertaining to what went wrong, and/or where it happened. In addition, the error screens showed four paragraphs of general explanation and advice and may have included other technical data such the file name of the culprit and memory addresses. With the release of Windows Server 2012, the BSoD was changed, removing all of

3350-459: The existence of all fatal crashes in Windows). Chen then followed this up with a blog post a day after his initial complaint, claiming responsibility for revising the BSoD in Windows 95 . In his post, Chen said in detail that he was the one who "sort of" created the BSoD in its first modern incarnation in Windows 95. The Blue Screen of Death (also known as a Stop error) in the Windows NT family

3417-504: The issue has not been made public), or in cases where the entry is not researched and written up by MITRE due to resource issues. The benefit of early CVE candidacy is that all future correspondence can refer to the CVE number. Information on getting CVE identifiers for issues with open source projects is available from Red Hat and GitHub . CVEs are for software that has been publicly released; this can include betas and other pre-release versions if they are widely used. Commercial software

SECTION 50

#1732780301646

3484-450: The latter). The most common BSoD is displayed on an 80×25 text-mode screen, which is the operating system's way of reporting an interrupt caused by a processor exception; it is a more serious form of the general protection fault dialog boxes. The memory address of the error is given and the error type is a hexadecimal number from 00 to 11 (0 to 17 decimal). The error codes are as follows: Reasons for BSoDs include: In Windows 95 and 98,

3551-424: The messages that appeared on the screen. Chen complained about this widespread mistake in a follow-up post on September 9, 2014. In his blog post, he was scathing on his evaluation of major tech news sites that had picked up on the incorrect story and performed poor or non-existent research that demonstrated complete ignorance of his original account. He indicated that, in addition to the faulty base story, over half

3618-468: The older Windows versions. On 6 September 2019, an exploit of the wormable BlueKeep security vulnerability was announced to have been released into the public realm. The initial version of this exploit was, however, unreliable, being known to cause " blue screen of death " (BSOD) errors. A fix was later announced, removing the cause of the BSOD error. On 2 November 2019, the first BlueKeep hacking campaign on

3685-570: The older Windows versions. On 6 September 2019, a Metasploit exploit of the wormable BlueKeep security vulnerability was announced to have been released into the public realm. The BlueKeep security vulnerability was first noted by the UK National Cyber Security Centre and, on 14 May 2019, reported by Microsoft . The vulnerability was named BlueKeep by computer security expert Kevin Beaumont on Twitter . BlueKeep

3752-410: The problem often requires using the repair tools found on the Windows installation disc. Before Windows Server 2012 , each BSoD displayed an error name in uppercase (e.g. APC_INDEX_MISMATCH), a hexadecimal error number (e.g. 0x00000001) and four parameters. The last two are shown together in the following format: error code (parameter 1, parameter 2, parameter 3, parameter 4) error name Depending on

3819-496: The problem. Users who have been assigned a CVE identifier for a vulnerability are encouraged to ensure that they place the identifier in any related security reports, web pages, emails, and so on. Per section 7 of the CNA Rules, a vendor which received a report about a security vulnerability has full discretion in regards to it. This can lead to a conflict of interest as a vendor may attempt to leave flaws unpatched by denying

3886-521: The reporter of the issue (e.g., if Alice reports one issue and Bob reports another issue, the issues would be SPLIT into separate CVE numbers). Another example is Alice reports a /tmp file creation vulnerability in version 1.2.3 and earlier of ExampleSoft web browser; in addition to this issue, several other /tmp file creation issues are found. In some cases this may be considered as two reporters (and thus SPLIT into two separate CVEs, or if Alice works for ExampleSoft and an ExampleSoft internal team finds

3953-717: The rest it may be MERGE'ed into a single CVE). Conversely, issues can be merged, such as if Bob finds 145 XSS vulnerabilities in ExamplePlugin for ExampleFrameWork regardless of the versions affected and so on, they may be merged into a single CVE. The Mitre CVE database can be searched at the CVE List Search , and the NVD CVE database can be searched at Search CVE and CCE Vulnerability Database . CVE identifiers are intended for use with respect to identifying vulnerabilities: Common Vulnerabilities and Exposures (CVE)

4020-513: The same BSOD to occur. On March 16, 2000, Microsoft released a security update to resolve this issue. One famous instance of a Windows 9x BSoD occurred during a presentation of a Windows 98 beta given by Bill Gates at COMDEX on April 20, 1998: The demo PC crashed with a BSoD when his assistant, Chris Capossela , connected a scanner to the PC to demonstrate Windows 98's support for Plug and Play devices. This event brought thunderous applause from

4087-446: The source of the problem. A BSoD can also be caused by a critical boot loader error, where the operating system is unable to access the boot partition due to incorrect storage drivers, a damaged file system or similar problems. The error code in this situation is STOP: 0x0000007B (INACCESSIBLE_BOOT_DEVICE). In such cases, there is no memory dump saved. Since the system is unable to boot from the hard drive in this situation, correction of

SECTION 60

#1732780301646

4154-407: The splitting and merging of issues into distinct CVE numbers. As a general guideline, one should first consider issues to be merged, then issues should be split by the type of vulnerability (e.g., buffer overflow vs. stack overflow ), then by the software version affected (e.g., if one issue affects version 1.3.4 through 2.5.4 and the other affects 1.3.4 through 2.5.8 they would be SPLIT) and then by

4221-410: The stop error. Microsoft Windows can also be configured to send live debugging information to a kernel debugger running on a separate computer . If a stop error is encountered while a live kernel debugger is attached to the system, Windows will halt execution and cause the debugger to break in, rather than displaying the BSoD. The debugger can then be used to examine the contents of memory and determine

4288-869: The system, with funding from the US National Cyber Security Division of the US Department of Homeland Security . The system was officially launched for the public in September 1999. The Security Content Automation Protocol uses CVE, and CVE IDs are listed on Mitre's system as well as in the US National Vulnerability Database . MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers", "CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security vulnerabilities in publicly released software packages. Historically, CVE identifiers had

4355-455: The user the option either to restart the computer or to continue using Windows, allowing the user to save their work before any data could be lost. Depending on the type of situation it may have occurred, however, the options to either continue or restart may or may not work at all. This is in contrast to the Windows NT version of BSoDs, which prevented the user from using the computer until it has been powered off or restarted (usually automatic for

4422-407: The vulnerability on Windows 2000 . Microsoft released patches for the vulnerability on 14 May 2019, for Windows XP , Windows Vista , Windows 7 , Windows Server 2003 , Windows Server 2008 , and Windows Server 2008 R2 . This included versions of Windows that have reached their end-of-life (such as Vista, XP, and Server 2003) and thus are no longer eligible for security updates. The patch forces

4489-400: Was not based on the rudimentary task manager screen of Windows 3.x and was actually designed by Microsoft developer John Vert, according to former Microsoft employee Dave Plummer . Additionally, Vert has also stated the reason why Stop error screens were assigned the color blue was because the universal color palette of the video hardware at that time was very rudimentary and he personally used

#645354