Safety researcher and Twitter user Jonas L brought interest to the nearly three-yr aged bug in Home windows 10, calling it a “unpleasant vulnerability” for the reason that it can be brought on just by opening a specially crafted file with a single-line command.
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED
There is a specifically terrible vulnerability in NTFS proper now.
Triggerable by opening unique crafted title in any folder wherever.’
The vulnerability will instant pop up complaining about yuor harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369N
— Jonas L (@jonasLyk) January 9, 2021
For whichever cause, it truly is a basic “$i30” NTFS attribute that visits the working system up. This very small string is associated with directories containing a checklist of data files and subfolders. This is troubling since it presents an uncomplicated vector for attackers. They could build a Home windows shortcut file with its icon locale established to the problematic solitary-line command, and if that icon finds its way on to a Computer system, the user’s tough travel will get corrupted.
The consumer would not even will need to manually click on on the icon—they would just have to have to look at the folder it resides in, which prompts Home windows Explorer to access it in the track record to show the icon. Future factor you know, your Computer system is rebooting and attempting to mend the difficult drive.
“We are mindful of this problem and will provide an update in a upcoming launch,” Microsoft mentioned in a statement. “The use of this procedure depends on social engineering and as generally we encourage our customers to apply fantastic computing patterns on the internet, like training caution when opening unknown data files, or accepting file transfers.”
Curiously plenty of, nobody would seem to know why particularly the one-line command trips up devices, only that it does. There could be other assault vectors as well. With any luck , a fix will be pushed out shortly, but in the meantime, heed Microsoft’s advice above.