PSA: Be careful. A particularly "nasty" Windows 10 bug can potentially corrupt your hard drive just by looking in a folder. An attacker can embed a specially crafted string in a shortcut or folder that instantly corrupts the MFT. It can be avoided by the usual means of not opening email attachments or using any external drives that you do not trust.
Earlier this week, security researchers discovered a bug in Windows 10 that will corrupt the hard drive by merely opening a folder, clicking a shortcut, or by other seemingly innocuous means. Twitter user Jonas L was the first to point out the vulnerability. He noted that it was triggered by "opening special crafted name in any folder anywhere."
The vulnerability can be remotely triggered if having any kind of service allowing file opens of specific names to happen.
It's embeddable in HTML, shared folders etc.
Until now the only consequence has been running chkdsk on boot, but now the MFT has corrupted
— Jonas L (@jonasLyk) January 9, 2021
CERT/CC vulnerability analyst Will Dormann later verified the bug and added that it had several vectors other than opening a folder or file shortcut, including opening an ISO, VHD, or VHDX, extracting a Zip file, opening an HTML file without a MoTW (Mark of the Web), and others. It can be particularly nefarious if the code is embedded in the shortcut to a legitimate application.
Upon triggering, the bug will automatically corrupt the NTFS MFT (master file table). Sometimes Windows will immediately pop up a notice to restart your computer so it can run a drive repair. However, Dormann says this is not always the case, and sometimes users will have to run a manual repair.
It should repair the damage successfully. Though at least once I got this screen, which required manual intervention to do the repair. pic.twitter.com/0fvYUDLEz5
— Will Dormann (@wdormann) January 15, 2021
Microsoft knows about the problem and told The Verge it was working on a fix. In the meantime, it urges users to be cautious and practice proper cyber hygiene.
"We are aware of this issue and will provide an update in a future release. The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."
Dormann remains pessimistic about a fix coming from Microsoft, claiming that he reported a similar NTFS bug two years ago that still is not fixed. He said he would not disclose the special file name that causes the corruption for now. He wants to give Microsoft a chance to iron the issue out first.