This Easily-Exploitable Windows 10 NTFS Bug Can Instantly Corrupt Your Hard Drives
Microsoft patched a number of flaws through the year's first Patch Tuesday updates earlier in the week, but it appears an unpatched bug that has been exploited for a long time is yet to be addressed. According to @jonasLyk, a short, single-line command delivered through a specially crafted file can corrupt any Windows 10 NTFS-formatted hard drive.
Delivered through a ZIP, shortcut file, HTML, or other vectors, the command triggers hard drive errors corrupting the filesystem index without even requiring administrative privileges.
"Critically underestimated" Windows 10 NTFS vulnerability
Jonas says that this Windows 10 bug isn't new and has been around since the release of Windows 10 April 2018 Update, and remains exploitable on the latest versions, as well. BleepingComputer shared that the problematic command includes $i30 string, a Windows NTFS Index Attribute associated with directories.
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED
There is a specially nasty vulnerability in NTFS right now.
Triggerable by opening special crafted name in any folder anywhere.'
The vulnerability will instant pop up complaining about yuor harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369N
— Jonas L (@jonasLyk) January 9, 2021
After running the command, Windows 10 will start displaying prompts to restart the device and repair the corrupted drive. Apparently, the issue also impacts some Windows XP versions and similar NTFS bugs have been known for years but are yet to be addressed by the Windows maker.
Nice find by @jonasLyk :
Result: NTFS corruption
- Open an ISO, VHD, or VHDX
- Extract a ZIP file
- Open an HTML file without a MoTW
- Probably more... pic.twitter.com/LY18Lo3J3m
— Will Dormann (@wdormann) January 9, 2021
It remains unclear why the string is causing hard drive corruption. In response to the report, Microsoft has said that the "use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."
However, at least one example shared by Jonas with BP confirms that when using a Windows shortcut file (.url) with its icon location set to C:\:$i30:$bitmap, a user doesn't even have to open the file for it to trigger the vulnerability. Microsoft said that it "will provide updates for impacted devices as soon as possible," so hopefully there's finally some fix coming for this stream of NTFS bugs.
- More details over at BP
Stay in the loop
GET A DAILY DIGEST OF LATEST TECHNOLOGY NEWS
Straight to your inbox
Subscribe to our newsletter