News

OSR specialists released unofficial patch for NTFS bug in Windows 10

Recently, we talked about an NTFS bug in Windows 10 (and older versions of OS, including Windows XP), which was discovered by information security researcher Jonas Likkegaard.

A zero-day bug allows corrupting the structure of the NTFS file system with a simple one-line command. Moreover, the exploit for this problem can be easily hidden inside a shortcut file, ZIP archive, batch files, and so on.

“The vulnerability appeared in Windows 10 (build 1803) and continues to exist in the latest version. In addition, the problem can be exploited by a regular user with low privileges on Windows 10″, — says Jonas Likkegaard.

Now Bleeping Computer reports that OSR specialists have prepared an unofficial patch for this problem, as Microsoft engineers have not yet provided a fix.

“OSR, a software development company specializing in Windows internals, has released an open-source filter driver that prevents the NTFS bug from being abused while waiting for an official fix from Microsoft”, — reported Bleeping Computer journalists.

The patch is a simple i30Flt filter driver that will monitor attempts to access streams starting with “:$i30:” and, if necessary, block them before they can trigger an error.

“OSRDrivers/i30Flt: This is a simple filter that will block any attempt to access streams beginning with “:$i30:”. This stops the spurious corruption warning triggered on certain Windows 10 versions. (github.com)”, — stated OSR in a blog post about this bug.

The instructions for installing and removing the patch are posted on GitHub, and the technical details can be found on the OSR blog.

It is unknown when Microsoft plans to fix this bug, so if you are worried about intruders exploiting it on your computer, using an unofficial OSR patch is a good alternative while waiting for response from Microsoft.

The developers say that after Microsoft releases the official patch, the workaround can be easily removed with the following command:

RUNDLL32.EXE SETUPAPI.DLL, InstallHinfSection DefaultUninstall 132.\I30flt.inf

Read also our review of the 10 Best File Recovery Tools in 2020, as you never know…

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

22 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

22 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

22 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

22 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

23 hours ago