OSR specialists released unofficial patch for NTFS bug in Windows 10

Recently, we talked about an NTFS bug in Windows 10 (and older versions of OS, including Windows XP), which was discovered by information security researcher Jonas Likkegaard.

A zero-day bug allows corrupting the structure of the NTFS file system with a simple one-line command. Moreover, the exploit for this problem can be easily hidden inside a shortcut file, ZIP archive, batch files, and so on.

“The vulnerability appeared in Windows 10 (build 1803) and continues to exist in the latest version. In addition, the problem can be exploited by a regular user with low privileges on Windows 10″, — says Jonas Likkegaard.

Now Bleeping Computer reports that OSR specialists have prepared an unofficial patch for this problem, as Microsoft engineers have not yet provided a fix.

“OSR, a software development company specializing in Windows internals, has released an open-source filter driver that prevents the NTFS bug from being abused while waiting for an official fix from Microsoft”, — reported Bleeping Computer journalists.

The patch is a simple i30Flt filter driver that will monitor attempts to access streams starting with “:$i30:” and, if necessary, block them before they can trigger an error.

“OSRDrivers/i30Flt: This is a simple filter that will block any attempt to access streams beginning with “:$i30:”. This stops the spurious corruption warning triggered on certain Windows 10 versions. (”, — stated OSR in a blog post about this bug.

The instructions for installing and removing the patch are posted on GitHub, and the technical details can be found on the OSR blog.

It is unknown when Microsoft plans to fix this bug, so if you are worried about intruders exploiting it on your computer, using an unofficial OSR patch is a good alternative while waiting for response from Microsoft.

The developers say that after Microsoft releases the official patch, the workaround can be easily removed with the following command:

RUNDLL32.EXE SETUPAPI.DLL, InstallHinfSection DefaultUninstall 132.\I30flt.inf

Read also our review of the 10 Best File Recovery Tools in 2020, as you never know…

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button