Be careful while opening files you download from the Internet. A nasty new Windows 10 bug has been discovered and it is said to corrupt the hard disk simply by unzipping a ZIP file, opening a folder, or looking at a shortcut icon.
First spotted by security researcher Jonas L, this zero-day vulnerability (which he has termed "specially nasty") enables attackers to corrupt an NTFS-formatted hard disk using a specially crafted line. Jonas has not revealed that line of code, but you need to take special care, as it can be hidden within a ZIP file, folder, or Windows shortcut.
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED
–
There is a specially nasty vulnerability in NTFS right now.
Triggerable by opening special crafted name in any folder anywhere.'
The vulnerability will instant pop up complaining about your harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369N
— Jonas L (@jonasLyk), January 9, 2021
The folks over at Bleeping Computer further tested the bug in a variety of ways. They found that you can trigger NTFS hard disk corruption by merely pasting the special command in the address bar in a browser.
Will Dormann, a CERT/CC vulnerability analyst, has since verified the finding. He added that there are myriad ways an attacker could trigger the NTFS hard disk corruption. Apart from ZIP files, folders, and shortcuts, these include opening an ISO, VHD, or VHDX, opening an HTML file without a MoTW (Mark of the Web), and more. That special line of code could have severe consequences if integrated into the code of a legitimate Windows 10 app.
Nice find by @jonasLyk :
cd <specialdir>
Result: NTFS corruption
Other vectors:
– Open an ISO, VHD, or VHDX
– Extract a ZIP file
– Open an HTML file without a MoTW
– Probably more… pic.twitter.com/LY18Lo3J3m
— Will Dormann (@wdormann), January 9, 2021
The researcher says that the bug became exploitable with the Windows 10 April 2018 update and works on the latest release as well. This means the bug has been present in the OS for close to three years.
Microsoft is aware of the exploit and is currently working on a fix, as confirmed by The Verge. The company urges Windows 10 users to exercise caution and follow healthy online practices until the patch is rolled out. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files or accepting file transfers,” says Microsoft.
If you run into this bug and your hard disk gets corrupted, many reports say that Windows 10 will prompt you to reboot the PC. You will then have to run Windows chkdsk to repair the corrupted disk. While Windows 10 should trigger this process automatically, you might need to start chkdsk manually in some cases.
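The manual check-and-repair step described above, as an added example that is not part of the original article. It assumes the affected volume is C: and an elevated PowerShell prompt; the event ID used to find corruption reports is general Windows knowledge, not something stated in the article.

```powershell
# Added example. Assumption: the affected NTFS volume is C:. Run as Administrator.
$drive = 'C'

# 1. Has Windows flagged the volume as dirty? A dirty volume is checked
#    automatically at the next boot.
fsutil dirty query "${drive}:"

# 2. Show recent NTFS corruption reports from the System log.
#    Event ID 55 is the usual "file system structure is corrupt" record;
#    filtering on the provider name keeps unrelated ID 55 events out.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 55 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*Ntfs*' } |
    Select-Object -First 5 |
    Format-List TimeCreated, ProviderName, Message

# 3. Online scan: checks the volume without dismounting it and changes nothing.
$status = Repair-Volume -DriveLetter $drive -Scan
Write-Output "Scan status for ${drive}: $status"

# 4. Repair only when the scan reports a problem. On the system volume
#    chkdsk /f cannot lock the disk and offers to run at the next restart.
if ("$status" -ne 'NoErrorsFound') {
    chkdsk "${drive}:" /f
}
```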