Windows 10 harbors a new zero-day security flaw. According to our colleagues at Bleeping Computer and computer security researcher Jonas L, this vulnerability makes it possible to corrupt an NTFS-formatted hard drive with a single command line.
Although Microsoft fixed 83 security flaws with the January 2021 Patch Tuesday, it seems that a zero-day flaw has slipped through the cracks. According to our colleagues at Bleeping Computer and information security researcher Jonas L, this vulnerability allows an attacker to corrupt an NTFS-formatted hard drive.
As a reminder, NTFS is a file system used on Windows since Windows XP. It has the advantage of offering many security-related features, such as file access permissions, a change log and data encryption. In addition, it supports particularly large files and partitions: 16 TB max for files and 256 TB for partitions.
A flaw present since April 2018
Security researcher Jonas L. has been trying to draw Microsoft’s attention to this flaw since August 2020, with no obvious success. When triggered, it can instantly corrupt an NTFS-formatted hard drive, forcing Windows to restart the PC to repair the corrupted files.
According to Jonas L., this flaw has been exploitable since Windows 10 build 1803, deployed in April 2018, and it has persisted ever since. Worse, it can be exploited from a standard user account, without elevated privileges. On top of that, it takes only one command line to trigger it.
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED – There is a specially nasty vulnerability in NTFS right now. Triggerable by opening special crafted name in any folder anywhere. The vulnerability will instant pop up complaining about your harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369N
– Jonas L (@jonasLyk) January 9, 2021
Bleeping Computer tested one of these command lines. For security reasons, we will not share it here, but you can find it in the source of this article. After several tests, the Bleeping Computer team found that a simple Windows shortcut file whose location points to this command line can trigger the vulnerability, and this without the user opening the file.
According to Jonas L, serious vulnerabilities of this kind have been known for years and have yet to be corrected by Microsoft. Bleeping Computer contacted the manufacturer to find out whether it was aware of this flaw and whether a fix was on the way. “Microsoft has made a commitment to its customers to investigate reported security issues and we will provide updates for affected devices as soon as possible”, assured the Redmond firm.
Source: Bleeping Computer