[ad_1]
Microsoft says it plans to fix a bizarre Windows 10 bug that could corrupt a hard drive just by looking at an icon. Security researcher Jonas L first warned about the bug earlier this week, describing it as an “nasty vulnerability”. Attackers can hide a specially crafted line in a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or just look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.
Will Dormann, Vulnerability Analyst at the CERT Coordination Center (CERT / CC), confirmed the results, and note that there might be more ways to trigger NTFS corruption. Dormann also revealed that the vulnerability has existed in Windows 10 for almost three years, and that he reported another NTFS issue two years ago it still has not been fixed.
“We are aware of this issue and will be providing an update in a future release,” a Microsoft spokesperson said in a statement to The edge. “The use of this technique is based on social engineering and as always we encourage our customers to adopt good online computing habits, including using caution when opening unknown files or accepting file transfers. “
Others have found that the vulnerability also occurs if you simply paste the offending string into a browser’s address bar. Bleeping computer also has tested the bug in various ways and notes that it will prompt Windows 10 users to restart a PC to repair corrupted disk records. Restarting will trigger the Windows chkdsk process, which should successfully repair the corruption.
The repair process is not always automatic, however. Dormann says it may require manual intervention to properly repair corrupted disk records. The bug also does not require administrator rights to trigger or special write permissions. This could make it more problematic for IT administrators if chkdsk fails to automatically repair affected drives.
[ad_2]
Source link