Be careful when opening files downloaded from the Internet. A nasty new Windows 10 bug has been discovered and it is said to corrupt the hard disk simply by opening a zip file, opening a folder, or looking at a shortcut icon.
First seen by security researcher Jonas L., this zero-day vulnerability (which he has dubbed particularly bad) enables attackers Corrupting NTFS-formatted hard disks using a special fabricated line. Of course, Jonas does not reveal that particular line of code. However, you need to take special care because it can be hidden within the zip file, folder or Windows shortcut.
NTFS Multiple Choice Insignificance
There is a particularly bad risk in NTFS right now.
Any particular folder can be triggered by opening a special fabricated name. ‘
When the path opens, the vulnerability will pop up immediately if you complain about your harddrive pic.twitter.com/E0YqHQ369N
– Jonas L. (@jonasLyk) 9 January 2021
Bleeding on the computer Further tested Bugs in various ways. They found that you can only trigger NTFS hard disk corruption Paste special command in the address bar In a browser.
The discovery has been verified by CERT / CC vulnerability analyst Will Dorman. They said there is one A myriad of ways An attacker can trigger NTFS hard disk corruption. In addition to ZIP, folders and shortcuts, this includes opening an ISO, VHD or VHDX, opening an HTML file without a MoTW, and more. A particular line of code can have serious consequences if integrated into the code of a valid Windows 10 app.
Nice by @jonasLyk :
Result: NTFS corruption
– Open an ISO, VHD, or VHDX
– Extract a ZIP file
– Open an HTML file without MoTW
– maybe more … pic.twitter.com/LY18Lo3J3m
– Will Dorman (@wdormann) 9 January 2021
The researcher says that the bug became exploitable with the Windows 10 April 2018 update and also works on the most recent releases. This means that the exploit has been present in the OS for about three years.
Microsoft is aware of the exploits and is currently working on a fix, as confirmed by The Verge. The company has urged Windows 10 users to exercise caution and follow healthy online practices until the patch is rolled out. “The use of this technology depends on social engineering and as always we encourage our customers to practice good computing habits online, including taking precautions when opening unknown files or accepting file transfers.” Microsoft says.
If you encounter this bug and your hard disk is corrupted, a lot of reports say that Windows 10 will prompt you to reboot the PC. You must run Windows chkdsk to repair a corrupted disk. While Windows 10 should trigger this process automatically, it is possible that you may need to manually jump into chkdsk in some cases.