Microsoft patched a number of bugs in this year’s first round of updates earlier this week, but one bug that has been exploited for a long time has still not been addressed. According to @jonasLyk, a short, single-line command delivered through a specially crafted file can corrupt any Windows 10 NTFS-formatted hard drive.
Delivered through a ZIP, shortcut, HTML, or other vectors, the command triggers a hard disk failure that corrupts the file system index without even requiring administrative privileges.
“Critically Underrated” Windows 10 NTFS Vulnerability
Jonas says that this Windows 10 bug is not new: it has been around since the release of the Windows 10 April 2018 Update and still works on the latest versions. BleepingComputer shared that the problematic command includes the $i30 string, a Windows NTFS index attribute associated with directories.
NTFS VULNERABILITY CRITICISM UNDERESTIMATED
There’s a particularly nasty vulnerability in NTFS right now.
Triggered by opening a custom name in any folder.
The vulnerability will immediately appear and complain that the hard drive is damaged when the path is opened pic.twitter.com/E0YqHQ369N
– Jonas L (@jonasLyk) January 9, 2021
After the command runs, Windows 10 begins prompting the user to restart the device and repair the damaged drive. The problem apparently also affects some Windows XP versions, and similar NTFS errors have been known for years but have not yet been addressed by the Windows manufacturer.
Nice find by @jonasLyk:
Result: NTFS corruption
– Open an ISO, VHD or VHDX
– Extract a ZIP file
– Open an HTML file without MoTW
– Probably more … pic.twitter.com/LY18Lo3J3m
– Will Dormann (@wdormann) January 9, 2021
It is still unclear why the string causes corruption on the hard drive. In response to the report, Microsoft said that “the use of this technique depends on social engineering, and as always, we encourage our customers to practice good computing habits online, including being careful when opening unknown files or accepting file transfers.”
However, at least one example that Jonas has shared with BP confirms that when you use a Windows shortcut (.url) with the icon location set to C: : $ i30: $ bitmap, a user does not even need to open the file for it to trigger the vulnerability. Microsoft said it “will provide updates for affected devices as soon as possible,” so hopefully there will finally be some solution for this stream of NTFS errors.
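A defensive check for the delivery vectors described above (ZIP archives, HTML files and .url shortcuts), added here as an example and not taken from the article, the researchers or Microsoft: it flags files whose content or archive member names reference the $i30 attribute. The function names, the size and depth limits, the UTF-8 decoding and the PLACEHOLDER_DRIVE sample value are assumptions made for illustration; the sample is constructed and is not a real path.

```python
import configparser
import io
import re
import zipfile

# ":$i30" is a reference to the NTFS index attribute named in the article.
I30_REF = re.compile(r":\$i30(?![0-9a-z_])", re.IGNORECASE)
MAX_MEMBER = 1 << 20  # assumption: skip archive members above 1 MiB
MAX_DEPTH = 2         # assumption: limit on nested archives

def scan_shortcut(text):
    """Return 'key=value' for each .url field whose value references $i30."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case (IconFile, URL, ...)
    try:
        parser.read_string(text)
    except configparser.Error:
        # Malformed shortcut: fall back to a plain line scan.
        return [ln.strip() for ln in text.splitlines() if I30_REF.search(ln)]
    return [f"{k}={v}" for s in parser.sections()
            for k, v in parser.items(s) if I30_REF.search(v)]

def scan_file(name, data, depth=0):
    """Return (location, reason) findings for one file's name and bytes."""
    findings = []
    ext = name.lower().rsplit(".", 1)[-1]
    text = "" if ext == "zip" else data.decode("utf-8", errors="replace")
    if ext == "url":
        findings += [(name, "shortcut field " + h) for h in scan_shortcut(text)]
    elif ext in ("htm", "html") and I30_REF.search(text):
        findings.append((name, "HTML references $i30"))
    elif ext == "zip" and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = f"{name}!{info.filename}"
                if I30_REF.search(info.filename):
                    findings.append((inner, "archive member name references $i30"))
                if not info.is_dir() and info.file_size <= MAX_MEMBER:
                    findings += scan_file(inner, zf.read(info), depth + 1)
    return findings

def build_sample_zip():
    """Constructed sample: ZIP holding a .url whose IconFile is a placeholder."""
    shortcut = ("[InternetShortcut]\nURL=https://example.invalid/\n"
                "IconFile=PLACEHOLDER_DRIVE:$i30:$bitmap\nIconIndex=0\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see")
        zf.writestr("invoice.url", shortcut)
    return buf.getvalue()
```

Calling scan_file("delivery.zip", build_sample_zip()) reports the shortcut's IconFile field; a mail or download gateway could run the same check on attachments before they reach a folder that Explorer renders.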
– More information about BP