Posted on 01/15/2021 8:43:27 AM PST by dayglored
An unpatched zero-day in Microsoft Windows 10 (and prior) allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.
In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.
"Critically underestimated" NTFS vulnerability
In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed.
When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.
The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version.
What's worse is, the vulnerability can be triggered by standard and low-privileged user accounts on Windows 10 systems.
A drive can become corrupted by merely trying to access the $i30 NTFS attribute on a folder in a certain way.
[Much more information, pics, examples, etc. at the article link...]
(Excerpt) Read more at bleepingcomputer.com ...
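A defensive triage example for the delivery vectors named in the excerpt (shortcut files, ZIP archives, batch files), added here and not taken from the article or from any poster in this thread: it flags files whose contents reference the $i30 attribute name, as ANSI or UTF-16LE text, and unpacks ZIP members to look inside them. The function names, the size limit and the sample inputs are constructed assumptions, and matching the bare attribute name is a heuristic that will also flag harmless mentions of it.

```python
import io
import zipfile

# "$i30" is the only indicator the excerpt gives; matching the bare attribute
# name (any case) is an assumption and will also flag harmless mentions of it.
TOKEN = "$i30"
NEEDLES = (TOKEN.encode("ascii"), TOKEN.encode("utf-16-le"))
MAX_MEMBER = 16 * 1024 * 1024  # skip oversized archive members (zip-bomb guard)


def references_i30(data: bytes) -> bool:
    """True if data mentions $I30 as ANSI/UTF-8 or UTF-16LE text."""
    lowered = data.lower()  # folds ASCII letters only, so UTF-16LE 'I\x00' still matches
    return any(needle in lowered for needle in NEEDLES)


def scan_blob(name: str, data: bytes, depth: int = 0) -> list:
    """Return the names (container!member for archives) that reference $I30."""
    hits = [name] if references_i30(data) else []
    # Deflated members hide the text from a raw scan, so unpack ZIPs (two levels deep).
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                try:
                    member = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    hits.append(f"{name}!{info.filename} (unreadable)")
                    continue
                hits += scan_blob(f"{name}!{info.filename}", member, depth + 1)
    return hits


def build_samples() -> dict:
    """Constructed inputs: inert text that only mentions the attribute name."""
    bat = b"@echo off\r\nrem constructed sample that mentions $I30\r\n"
    lnk_like = b"\x00" * 16 + "constructed target $I30".encode("utf-16-le")
    clean = b"@echo off\r\ndir C:\\Users\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("run.bat", bat)
        zf.writestr("readme.txt", clean)
    return {"run.bat": bat, "shortcut.lnk": lnk_like, "clean.bat": clean,
            "bundle.zip": buf.getvalue()}


if __name__ == "__main__":
    for fname, blob in build_samples().items():
        print(fname, "->", scan_blob(fname, blob) or "clean")
```

A hit means the file deserves a closer look before anyone opens or extracts it, not that it is malicious.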
Tech Ping!
Tech Ping
Welcome to Microsoft.
Once again, so glad I do not run Windows.
Linux Ubuntu19 5.10.0-051000-generic #202012132330 SMP Sun Dec 13 23:33:36 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Bkmk
.
In before “It’s a feature not a bug” crowd.
Windows updated this morning. Maybe that’s the fix.
I glanced at the article and I didn’t see a solution to the vulnerability. It is easy to fix. Since this occurs on NTFS volumes, change the security associated with the command prompt, cmd.exe, to only allow administrators to execute. I believe you can explicitly exclude access by non-administrator accounts. This should be done to other utilities as well. Additionally, do not do everyday work on an administrator account. Sign on as Administrator when you do admin work, then sign off.
Unlikely -- I'd be astonished if Microsoft could get a fix out that quickly. More likely, it was the regular January Patch Tuesday update from Tue 1/12.
See also:
Microsoft to fix Windows 10 bug that can corrupt a hard drive just by looking at an icon
A bizarre Windows bug for 2021
By Tom Warren @tomwarren Jan 15, 2021, 8:40am EST
This is why I won’t touch Win10; it is a virus.
Win7 is their last strong, user-friendly platform, so that’s what I’m running — including ‘downgrading’ a Win10 computer to Win7.
What's worse is, the vulnerability can be triggered by standard and low-privileged user accounts...I haven't tested it myself, of course...
The article has an update at the end saying that versions back to and including Windows XP have this same vulnerability. So Windows 7 almost certainly has the same problem.
“change the security associated with the command prompt, cmd.exe, to only allow administrators to execute.”
Won’t work since Windows makes user accounts administrators by default ... almost no regular users have any idea how to make non-administrator accounts.
So what is the one-line command and how do I know if my computer is in jeopardy?
... and leave the distribution of virii to the skilled professionals.