[ad_1]
‘Nasty’ NTFS vulnerability in Windows 10 has been highlighted once again by infosec researcher Jonas L. The vulnerability can be exploited with a single line command and, when exploited, corrupts an NTFS formatted hard drive. As a result of the corruption, Windows will prompt a person to restart their computer to resolve the problem.
Attackers can hide the line of code in a ZIP file, folder, or even Windows shortcut file. If the bug is properly exploited, it can corrupt a drive without even someone opening the malicious file. BleepingComputer has found that after a shortcut file has been downloaded to Windows 10 PC and displayed in a folder, Windows Explorer will attempt to display the files icon. As a result, the attack will take place and an NTFS hard drive will be corrupted.
VPN offers: lifetime license for $ 16, monthly plans for $ 1 and more
Simply put, if people look at a certain folder or extract a ZIP file that contains a certain piece of code on their PC, some disks will get corrupted.
Jonas L explained to BleepingComputer that the vulnerability became exploitable with Windows 10 build 1803, also known as Windows 10 April 2018 Update. The bug also persists in newer versions of Windows 10. Jonas L also reported the vulnerability in August 2020 and October 2020.
Microsoft responded to The Verge regarding the bug, stating:
We are aware of this issue and will provide an update in a future release. Using this technique is based on social engineering, and as always we encourage our customers to adopt good online computing habits, including using caution when opening unknown files or when accepting file transfers.
The vulnerability can also be exploited if you paste a certain string of code into the address bar of a browser. Windows 10 will try to repair drive corruption automatically but the Vulnerability Analyst Notes from Will Dormann that it might require manual intervention to repair.
These are the biggest PC announcements of CES 2021
CES 2021 was different in that it was not held in a physical location. Instead, companies have relied on press kits and virtual presentations to showcase all new products. We’ve rounded up the best PC related announcements in case you miss the show.
[ad_2]
Source link