'Nasty' Windows 10 bug can corrupt your hard drive just by you looking at an icon or folder
A Windows 10 bug that's been around for years can corrupt your hard drive.
What you need to know
- A "nasty" Windows vulnerability can corrupt a hard drive when someone looks at a specific line of code.
- The bug has been exploitable since the Windows 10 April 2018 Update.
- Microsoft is working on a fix for the issue.
A "nasty" NTFS vulnerability in Windows 10 has been highlighted yet again by infosec researcher Jonas L. The vulnerability can be exploited with a single-line command and when exploited, corrupts an NTFS-formatted hard drive. Following the corruption, Windows will prompt a person to restart their computer to fix the issue.
Attackers can hide the line of code inside a ZIP file, folder, or even a Windows shortcut file. If the bug is exploited correctly, it can corrupt a drive without someone even opening the malicious file. BleepingComputer found that once a shortcut file was downloaded to a Windows 10 PC and is viewed within a folder, Windows Explorer will attempt to display the files' icon. As a result, the attack will take place and an NTFS hard drive will be corrupted.
In layman's terms, if people look at a certain folder or extract a ZIP file that has a certain piece of code on their PC, it will cause some drives to be corrupted.
Jonas L explained to BleepingComputer that the vulnerability became exploitable with Windows 10 build 1803, also known as the Windows 10 April 2018 Update. The bug persists into newer versions of Windows 10 as well. Jonas L also flagged up the vulnerability in August 2020 and October 2020.
The vulnerability can be remotely triggered if having any kind of service allowing file opens of specific names to happen.
Its embeddable in HTML, sharred folders etc.
Until now only consequence have been running chkdsk on boot- but now the MFT have corruptedThe vulnerability can be remotely triggered if having any kind of service allowing file opens of specific names to happen.
Its embeddable in HTML, sharred folders etc.
Until now only consequence have been running chkdsk on boot- but now the MFT have corrupted— Jonas L (@jonasLyk) January 9, 2021January 9, 2021
Microsoft responded to The Verge regarding the bug, stating:
The vulnerability can also be exploited if you paste a certain string of code into the address bar in a browser. Windows 10 will try to automatically repair the drive corruption but vulnerability analyst Will Dormann notes that it could require manual intervention to repair.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.