Microsoft knows about a rather bizarre bug that corrupts the primary hard drive and can potentially crash a Windows 10 PC. Shockingly, a seemingly harmless shortcut is all it takes to corrupt a normal, functioning hard drive. The bug is easy to reproduce, which makes it risky.
Microsoft is aware of, and is planning to fix, a Windows 10 bug that could corrupt a hard drive. Described as a “nasty vulnerability,” the bug can cause havoc with nothing more than a simple Windows shortcut.
Windows 10 vulnerability that corrupts hard drive and causes system crash remains unpatched:
The “nasty vulnerability” in Windows 10 was first discovered by security researcher Jonas Lykkegaard. Essentially, all it takes to cripple a hard drive is a specially crafted line. The line can be inside a ZIP file, folder, or even a simple Windows shortcut.
Corrupting NTFS With A Single Shortcut https://t.co/G3V3W4RkmR
— PC Perspective (@pcper) January 15, 2021
Concerningly, a Windows 10 user merely needs to extract the ZIP file or simply look at a folder that contains a malicious shortcut. Just by doing these simple actions, the hidden line will automatically trigger hard drive corruption. The vulnerability currently impacts only those hard drives that are formatted in the NTFS File System.
Although there are several popular file systems, such as FAT, FAT32, and exFAT, NTFS (NT File System) is by far the most common. Developed by Microsoft, NTFS offers multiple benefits for Windows 10 PCs, such as larger files, better encryption, file compression, limiting quotas, etc.
Nice find by @jonasLyk :
cd <specialdir>
Result: NTFS corruption
Other vectors:
– Open an ISO, VHD, or VHDX
– Extract a ZIP file
– Open an HTML file without a MoTW
– Probably more… pic.twitter.com/LY18Lo3J3m
— Will Dormann (@wdormann) January 9, 2021
Will Dormann, a vulnerability analyst at the CERT Coordination Center (CERT/CC), confirmed the findings. He has further cautioned that there could be more ways to trigger the NTFS corruption.
Speaking about the Windows 10 bug, a Microsoft spokesperson said, “We are aware of this issue and will provide an update in a future release. The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
How does the Windows 10 bug corrupt an NTFS-formatted hard drive running Windows 10?
There are a few ways to trigger the Windows 10 NTFS vulnerability. However, every variation involves trying to access the $i30 NTFS attribute on a folder in a particular way.
Before listing the methods, we strongly advise against replicating any of them, for the safety and integrity of your Windows 10 PC.
NTFS corruption on fully patched latest Win10 by simply accessing "C::$i30:$bitmap" (be creative how!)
Captured an Example-Video how to trigger this with your Web-Browser.
Source of this Vulnerability: @jonasLyk – https://t.co/4Fv503koU8
Ping @samilaiho pic.twitter.com/fazCBmks2D
— Gunnar Haslinger (@GHaslinger) January 15, 2021
One of the exploits involves the creation of a Windows shortcut file that has its icon location set to C:\:$i30:$bitmap. Reports indicate merely creating the shortcut triggered the bug.
In other words, the corruption sequence was triggered even if users did not attempt to click on the file. It seems Windows Explorer’s attempt to access the icon path in the background was enough to corrupt the NTFS hard drive.
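Because the trigger is a fixed string, files can be screened for it before Explorer ever displays them. The following is an added example, not code from the researchers or from Microsoft: it searches raw bytes and ZIP members for the `:$i30:` reference in both ANSI and UTF-16LE form, entirely in memory. The function names, the size cap and the sample data are assumptions made for the illustration.

```python
import io
import re
import zipfile

TRIGGER = ":$i30:"  # NTFS attribute reference quoted in the article
MAX_MEMBER_BYTES = 8 * 1024 * 1024  # assumption: cap on bytes read per ZIP member

# Shortcut string data may be ANSI or UTF-16LE, so match both encodings.
_PATTERNS = [
    re.compile(re.escape(TRIGGER.encode(enc)), re.IGNORECASE)
    for enc in ("ascii", "utf-16-le")
]


def contains_trigger(data):
    """True if the raw bytes reference the $i30 attribute in either encoding."""
    return any(p.search(data) for p in _PATTERNS)


def scan_blob(name, data):
    """Return the names of flagged items. ZIP archives are read member by
    member in memory: nothing is extracted or handed to a path API."""
    hits = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                body = b""
                if not info.is_dir():
                    with zf.open(info) as fh:
                        body = fh.read(MAX_MEMBER_BYTES)
                if contains_trigger(info.filename.encode("utf-8")) or contains_trigger(body):
                    hits.append(name + "!" + info.filename)
    elif contains_trigger(data):
        hits.append(name)
    return hits


def build_samples():
    """Constructed sample data: plain byte strings, not working shortcut files."""
    icon = "C:\\" + TRIGGER + "$bitmap"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "quarterly report")
        zf.writestr("docs/link.bin", b"ICON=" + icon.encode("utf-16-le"))
    return {
        "clean.txt": b"nothing to see",
        "note.txt": b"icon location: " + icon.upper().encode("ascii"),
        "bundle.zip": buf.getvalue(),
    }
```

A mail or download gateway could run `scan_blob` on inbound attachments and quarantine anything it returns.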
Seems like it can also be triggered when you paste the command in the URL of a browser except IE so far pic.twitter.com/7XsGhrowps
— Siam Alam (@Slmi0xC) January 15, 2021
Apparently, the vulnerability can also be triggered simply by pasting the offending string into a browser's address bar. This makes it a very concerning vulnerability: it is easy to deploy or reproduce and takes little skill.
Once the corruption has been triggered, Windows starts its standard procedure for repairing the damage. This involves asking the user to reboot the PC so that the corrupted disk records can be repaired.
A standard reboot sequence then triggers the Windows ‘CHKDSK’ process. Several users have reported that the entire sequence successfully reverses any corruption. However, some users haven’t been so lucky.