A serious Windows 10 crash can corrupt your hard drive if you open a folder

A security researcher has revealed details of a strange bug that could result in the corruption of an NTFS hard drive in Windows 10 as well as in unsupported Windows XP. What makes the bug so serious and unusual is that it can be triggered without the user having to open a file.

The bug – which has been around for three years – can cause a hard drive to become corrupted if the user simply views the contents of a folder that includes a specially created file. Although Microsoft is aware of the problem affecting the $ i30 NTFS attribute, a fix has not yet been produced.

See too:

Writing on Twitter, security researcher Jonas L explains: “There is an especially nasty vulnerability in NTFS now. It can be triggered by opening a special name created in any folder anywhere. The vulnerability will instantly appear complaining that your hard drive is corrupted when the way is open “.

The vulnerability can be triggered remotely if there is some kind of service that allows files of specific names to be opened.
It can be embedded in HTML, shared folders etc.
So far, only chkdsk was run at startup, but now the MFT has been corrupted

– Jonas L (@jonasLyk) January 9, 2021

So, how does failure work?

As Bleeping Computer explains – complete with an appropriate warning – running the cd c: : $ i30: $ bitmap command will essentially destroy a drive (so do not do it!) But in fact, there are several ways in which hard drive corruption can be triggered; the most worrying is the method that simply requires someone to view the contents of the folder. The vulnerability can be exploited even on user accounts that do not have administrator rights.

Jonas also found that if a shortcut file was created with the icon’s location set to C: : $ i30: $ bitmap, just opening the folder containing that file is enough to corrupt a drive. There are, of course, several ways in which these malicious shortcuts can be implanted on a computer, and a user tricked into opening the folder that contains it.

Another security researcher, Siam Alam, demonstrated yet another way to trigger drive corruption:

Microsoft is currently working to produce a fix. In a note given to Verge, the company stated: “We are aware of this problem and will provide an update in a future version. The use of this technique depends on social engineering and as we always encourage our customers to practice good online computing habits, including caution when opening unknown files or accepting file transfers “.

Image credit: David Carillet / Shutterstock