Microsoft to fix critical NTFS vulnerability on Windows 10 PCs

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft is working to fix a critical NTFS vulnerability on Windows 10 that can corrupt users’ hard drives when they open an HTML file, a Windows shortcut, or extract a Zip file that contains a one-line command (via The Verge). When the vulnerability is triggered, users will see a pop up saying that they need to restart their PC to repair drive errors, and doing so will initiate the Windows check disk utility on reboot to repair the corrupted disk.

The vulnerability was actually discovered two years ago by Will Dorman, a security researcher at the CERT Coordination Center. If Dormann believed that Windows 10 versions older than 1803 may not be affected, Bleeping Computer is reporting today that the NTFS issue also impacts older versions of Windows XP.

This vulnerability is pretty serious as it can be hidden in a random file and corrupt your hard drive instantly. Worse, Bleeping Computer discovered that it can also be triggered when the Windows File Explorer simply displays a corrupted shortcut hiding the malicious command in a folder. “To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process,” the report explained.

Microsoft has finally acknowledged this critical vulnerability in a statement to The Verge, promising a fix in a future update. “We are aware of this issue and will provide an update in a future release,” a Microsoft spokesperson said. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”

User forum

0 messages