Security researchers warn of a Windows 10 bug that can cause major hard drive damage by simply displaying the icon.
Security researcher Jonas L, the discoverer of this vulnerability, describes it as a critically underestimated NTFS file system vulnerability. It states that the error lies in a specially crafted line of code that can be placed in any folder, ZIP file, or link. The user then unzips the ZIP file or simply looks at the folder that contains the link, causing this error and damaging the disk’s file system. Windows 10 will then display a pop-up window stating that there is something wrong with the hard disk. Affected users will be prompted to restart the computer to correct the disk error.
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED– Jonas L (@jonasLyk) January 9, 2021
There is a specially nasty vulnerability in NTFS right now.
Triggerable by opening special crafted name in any folder anywhere.’
The vulnerability will instant pop up complaining about yuor harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369N
For example, the line of code or other command that causes this error is:
Of course, if the system disk is marked with a different letter, the letter “C” must be replaced by the letter of the system disk.
This command can be run, for example, from the command line or in the PowerShell console.
CHKDSK usually fixes the error when you restart your computer, but this may not always be the case. We recommend that you do not try this command!
If you still decide to try the command, you do so at your own risk!
It is also possible to enter only the path directly into the address bar of any browser (except Internet Explorer):
CHKDSK usually fixes the error when you restart your computer, but this may not always be the case. We recommend that you do not try this method!
If you still decide to try embedding the path in your browser, you do so at your own risk!
Jonas told Bleeping Computer that the problem has been with Windows 10 since the April 10, 2018 update.
Vulnerability analyst Will Dormann later identified the Windows 10 bug and identified several other potential options for triggering the vulnerability. These include opening ISO, VHD, VHDX or HTML files without MoTW. However, there are probably even more.
Nice find by @jonasLyk :
Result: NTFS corruption— Will Dormann (@wdormann) January 9, 2021
– Open an ISO, VHD, or VHDX
– Extract a ZIP file
– Open an HTML file without a MoTW
– Probably more… pic.twitter.com/LY18Lo3J3m
In an interview with The Verge, Microsoft said it was reporting the issue and will release an update in the future to correct the bug. Microsoft also told Bleeping Computer that it would provide updates for the affected devices as soon as possible. However, until it does, be careful not to open unknown folders or extract ZIP files.
Source: Technológie by pc.zoznam.sk.
*The article has been translated based on the content of Technológie by pc.zoznam.sk. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!