This Windows 10 NTFS bug can instantly corrupt your hard drives

Microsoft fixed a number of flaws in the first Patch Tuesday updates of the year earlier in the week, but it looks like an uncorrected bug that has been exploited for a long time has yet to be fixed. According to @jonasLyk, a short one-line command provided via a specially crafted file can corrupt any Windows 10 NTFS formatted hard drive.

Delivered via ZIP file, shortcut file, HTML or other vectors, the command triggers hard drive errors corrupting the file system index without even requiring administrative privileges.

New RS_PRERELEASE Build 21292 released with tons of fixes and improved privacy settings

“Severely Underestimated” Windows 10 NTFS Vulnerability

Jonas says this Windows 10 bug is not new and has been around since the Windows 10 April 2018 Update was released, and remains exploitable on the latest versions as well. BleepingComputer said the problematic command includes i $ 30 string, a Windows NTFS index attribute associated with directories.

CRITICALITY OF UNDERESTIMATED NTFS VULNERABILITY
–
There is currently a particularly nasty vulnerability in NTFS.
Triggerable by opening a specially crafted name in any folder anywhere. ‘
The vulnerability will appear instantly to complain that your hard drive is corrupted when the path is opened pic.twitter.com/E0YqHQ369N

– Jonas L (@jonasLyk) January 9, 2021

After running the command, Windows 10 will start showing prompts to restart the device and fix the corrupted drive. Apparently, the issue also affects some versions of Windows XP and similar NTFS bugs have been known for years but have not yet been fixed by the Windows manufacturer.

Nice find by @jonasLyk :
CD

Result: NTFS corruption
Other vectors:
– Open an ISO, VHD or VHDX
– Extract a ZIP file
– Open an HTML file without MoTW
– Probably more … pic.twitter.com/LY18Lo3J3m

– Will Dormann (@wdormann) January 9, 2021

It is still not clear why the chain is causing hard drive corruption. In response to the report, Microsoft said that “the use of this technique is based on social engineering and, as always, we encourage our customers to adopt good online computing habits, including using caution when using opening unknown files or accepting file transfers ”.

January 2021 Tuesday patch update KB4598242 is available for Windows 10 versions 20H2 and 2004

However, at least one example shared by Jonas with BP confirms that when using a Windows shortcut file (.url) with its icon location set to C: : $ i30: $ bitmap, a user n does not even have to open the file for it to trigger the vulnerability. Microsoft has stated that it will “provide updates for affected devices as soon as possible,” so hopefully there will finally be a fix coming up for this NTFS bug stream.

– More details at BP