Jaysu

Banned
Joined
21.09.20
Messages
122
Reaction score
837
Points
63
The vulnerability appeared in the version of Windows 10 (build 1803) and continues to exist in the latest version.

A vulnerability in Microsoft Windows 10 allows attackers to damage an NTFS-formatted hard drive with a single-line command. A single-line file can be hidden inside a Windows shortcut, ZIP archive, batch files, or various other vectors to cause hard disk errors that instantly damage the file system index.

An information security researcher using the alias Jonas L drew attention to an uncorrected vulnerability in NTFS affecting Windows 10. According to the expert, the vulnerability appeared in the version of Windows 10 (build 1803) and continues to exist in the latest version. In addition, the problem can be exploited by a regular user with low privileges on Windows 10 systems.

The disk can be corrupted even if you just try to access the NTFS attribute "$i30 " in the folder in a certain way. The Windows NTFS index attribute (string "$i30") is associated with directories and contains a list of files and subfolders of the directory. In some cases, the NTFS index may also include deleted files and folders, which is useful when conducting incident response or forensic analysis.

It remains unknown why accessing this attribute damages the disk, but the registry key that would help diagnose the problem does not work.

After running the command in the Windows 10 command prompt and pressing Enter, the user will see the error message "The file or directory is corrupted and unreadable". Windows 10 will immediately start displaying notifications prompting the user to restart the computer and repair the damaged disk volume. When you restart, the Windows Disk Scan utility starts and starts restoring the hard disk.

Once the disks are corrupted, Windows 10 will generate errors in the event log indicating that the Master File Table (MFT) for a particular disk contains a corrupted entry.

The expert also noted that the created Windows shortcut file (. url) with the icon location set to "C: \: $ i30: $ bitmap" exploits the vulnerability, even if the user never opened the file. Once this shortcut file is downloaded to a Windows 10 PC and the user views the folder where it is located, Windows Explorer will attempt to display the file icon. To do this, Windows Explorer will attempt to access the created icon path inside the file in the background, thereby damaging the NTFS hard drive in the process.
 
Top Bottom