A vulnerability in Microsoft Windows 10 could allow attackers to corrupt an NTFS-formatted HD using a one-line command. A single line file can be hidden inside a Windows shortcut, zip archive, batch files or various other vectors to cause hard disk errors, instantly damaging the file system index.
An information security researcher with the pseudonym Jonas L has drawn attention to an unpatched vulnerability in NTFS affecting Windows 10.“The vulnerability appeared in Windows 10 (build 1803) and continues to exist in the latest version. In addition, the problem can be exploited by a regular user with low privileges on Windows 10″, — says Jonas L.
The drive can be damaged even if you just try to access the NTFS “$ i30” attribute in the folder in a certain way. The Windows NTFS index attribute (string “$ i30”) is associated with directories and contains a list of files and subfolders of the directory. In some cases, the NTFS index can also include deleted files and folders, which is useful for incident response or investigations.
It remains unknown why access to this attribute damages the disk, but the registry key that would help diagnose the problem is not working. After running the command in the Windows 10 command line and pressing Enter, the user will see the error message “The file or directory is corrupted and unreadable.”
Windows 10 will immediately start displaying notifications prompting the user to restart the computer and repair the damaged disk volume.
After rebooting, the Windows Disk Check utility starts and begins to repair the hard drive.
“After the disks are damaged, Windows 10 will generate errors in the event log indicating that the master file table (MFT) for a particular disk contains a corrupted entry”, – told Jonas L.
The expert also noted that the generated Windows shortcut file (.url) with the icon location set to “C: \: $ i30: $ bitmap” will exploit the vulnerability even if the user has never opened the file.
Once this shortcut file is downloaded to Windows 10 PC and the user browses the folder it is in, Windows Explorer will try to display the file icon. To do this, Windows Explorer will try to access the generated icon path inside the file in the background, thereby damaging the NTFS hard drive in the process.
Let me remind you that Microsoft fixed the issue of running the sandbox on Windows 10, but the processor started to get very hot.
User Review
( votes)
