This Easily-Exploitable Windows 10 NTFS Bug Can Instantly Corrupt Your Hard Drives

Rafia Shaikh
Windows Feature Experience Pack
Image: Reddit / Is_It_Me_or_Not

Microsoft patched a number of flaws through the year's first Patch Tuesday updates earlier in the week, but it appears an unpatched bug that has been exploited for a long time is yet to be addressed. According to @jonasLyk, a short, single-line command delivered through a specially crafted file can corrupt any Windows 10 NTFS-formatted hard drive.

Delivered through a ZIP, shortcut file, HTML, or other vectors, the command triggers hard drive errors corrupting the filesystem index without even requiring administrative privileges.

Related StoryAlessio Palumbo
Bethesda Is Showing Its Strength in Microsoft’s Portfolio and That’s Really Encouraging, Says Phil Spencer

"Critically underestimated" Windows 10 NTFS vulnerability

Jonas says that this Windows 10 bug isn't new and has been around since the release of Windows 10 April 2018 Update, and remains exploitable on the latest versions, as well. BleepingComputer shared that the problematic command includes $i30 string, a Windows NTFS Index Attribute associated with directories.

After running the command, Windows 10 will start displaying prompts to restart the device and repair the corrupted drive. Apparently, the issue also impacts some Windows XP versions and similar NTFS bugs have been known for years but are yet to be addressed by the Windows maker.

It remains unclear why the string is causing hard drive corruption. In response to the report, Microsoft has said that the "use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."

However, at least one example shared by Jonas with BP confirms that when using a Windows shortcut file (.url) with its icon location set to C:\:$i30:$bitmap, a user doesn't even have to open the file for it to trigger the vulnerability. Microsoft said that it "will provide updates for impacted devices as soon as possible," so hopefully there's finally some fix coming for this stream of NTFS bugs.

Relevant: Leaked Windows 10X build offers us first look at the Chrome OS competitor 

More details over at BP

Share this story