Security researchers have warned about a Windows 10 bug that can cause major damage to your hard drive, and all it takes is to look at a folder it's hiding in. Much like Medusa from Greek mythology, it can turn your hard drive to stone — or in realistic terms, corrupt it.
Posted by security researcher Jonas L, it's described as a "critically underestimated" NTFS (NT File System storing and retrieving files on a hard disk) vulnerability. He states it's triggered when a "specially crafted" line of code is placed in any folder, or desktop icon, and is then simply opened or looked at. Users will then get a pop-up message stating there is something wrong with the hard drive.
Affected users will then be asked to reboot their PCs to repair disk errors and the hard drive.
- Check out how to use Windows 10
- Here's how to make a GIF on Windows 10
- Here's a first look at Microsoft's new Windows 10X OS
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED-There is a specially nasty vulnerability in NTFS right now.Triggerable by opening special crafted name in any folder anywhere.'The vulnerability will instant pop up complaining about yuor harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369NJanuary 9, 2021
What's more, the line could be placed in a ZIP folder, and once extracted, it can immediately corrupt your hard drive. Apparently, the researcher told Bleeping Computer that the problem had been around since the Windows 10 April 2018 update. Yikes.
Vulnerability analyst Will Dormann later proved the Windows 10 bug, listing other potential threats including opening an ISO, VHD, or VHDX, opening an HTML file without a MoTW, and "probably more..."
Nice find by @jonasLyk :cd
Result: NTFS corruptionOther vectors: - Open an ISO, VHD, or VHDX- Extract a ZIP file- Open an HTML file without a MoTW- Probably more... pic.twitter.com/LY18Lo3J3mJanuary 9, 2021
Talking to The Verge, Microsoft stated that it is aware of the issue, and will push out an update to fix the bug in the future.
“We are aware of this issue and will provide an update in a future release,” a Microsoft spokesperson told The Verge. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
Microsoft also told Bleeping Computer that it will provide updates for impacted devices as soon as possible. Until it does, be wary about opening unknown folders or extracting ZIP files, as it may be your hard drive's last time doing so.