An “unpleasant” NTFS vulnerability in Windows 10 was highlighted once again by the infosec researcher Jonas L. The vulnerability can be exploited with a single line command and, when exploited, corrupts an NTFS-formatted hard drive. After the corruption, Windows will ask a person to restart the computer to correct the problem.
Attackers can hide the line of code inside a ZIP file, folder, or even a Windows shortcut file. If the bug is exploited correctly, it can corrupt a drive without anyone opening the malicious file. BleepingComputer found that after a shortcut file was downloaded to a Windows 10 PC and viewed in a folder, Windows Explorer will attempt to display the files icon. As a result, the attack will occur and an NTFS hard drive will be corrupted.
VPN offers: Lifetime license for $ 16, monthly plans for $ 1 and more
Generally speaking, if people look at a particular folder or extract a ZIP file that contains a certain code on their PC, it will cause some drives to become corrupted.
Jonas L explained to BleepingComputer that the vulnerability became exploitable with Windows 10 build 1803, also known as Windows 10 April 2018 Update. The bug persists in the latest versions of Windows 10 as well. Jonas L also signaled the vulnerability in August 2020 and October 2020.
Microsoft responded to The Verge about the bug, stating:
We are aware of this issue and will provide an update in a future version. The use of this technique depends on social engineering and, as always, we encourage our customers to practice good online computing habits, including caution when opening unknown files or accepting file transfers.
The vulnerability can also be exploited if you paste a certain code string into a browser’s address bar. Windows 10 will attempt to automatically repair the drive corruption, but the vulnerability analyst Will Dormann observes which may require manual intervention for repair.
These are CES 2021’s biggest PC ads
CES 2021 was different because it was not held in a physical location. Instead, companies relied on press kits and virtual presentations to showcase all new products. We’ve put together the best PC-related ads in case you missed the show.