Posted on 01/15/2021 8:43:27 AM PST by dayglored
An unpatched zero-day in Microsoft Windows 10 (and prior) allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.
In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.
"Critically underestimated" NTFS vulnerability
In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed.
When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.
The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version.
What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems.
A drive can become corrupted by merely trying to access the $i30 NTFS attribute on a folder in a certain way.
[Much more information, pics, examples, etc. at the article link...]
(Excerpt) Read more at bleepingcomputer.com ...
Thank you!
(Off to create a system image now!)
The means for triggering the flaw are in the article.
If you're running Windows XP or later up to and including the latest Windows 10, your computer is vulnerable to this corruption.
That said, it's not going to suddenly corrupt itself -- you or a bad guy would have to do it intentionally. So: 1) don't execute the command that does it, and b) secure your system to be as safe as possible from bad guys.
I assume you know how to do the latter. If not, and you're running Windows, I recommend that you start learning quick. :-)
How long until the log in screen demands fealty to BLM and Biden to allow you to log in?
This is really not a big deal, interesting yes but really bad no.
It does not corrupt data or the hard drive in reality, just throws an error msg.
It's been around 20 years?
A message came up ... System restore failed while scanning file system on drive C. Drive might be corrupt. Try System Restore after chkdsk /R on this disk. Unspecified error occurred (0x81000204).
I wasn't sure how to do that chkdsk thing, so right now she is just borrowing my laptop. Any ideas for how I might help get her rolling again?
How long until the MS-Word spell/grammar-check starts flagging politically incorrect speech?
"It looks like you're writing from a problematic, conservative point of view. We have corrected your comments to align with the approved narrative."
The NTFS filesystem was designed in the early 1990's. Life was more innocent back then.
Before anything else, please attempt to take a full backup of the disk, onto an external drive.
Oh. That's reassuring.
Can this bug be exploited to provide admin access to hackers?
Will the bug be fixed, or will Microsoft just tell people to run chkdsk /f ?
I would try chkdsk /f before going to chkdsk /r.
Sounds good. Be aware that if the computer’s disk is having corruption problems, it’s likely that the backup process will encounter errors. So use a backup program that has some form of option to “ignore read errors and continue”, otherwise the backup will fail and stop partway through. Most commercial (and many free) backup programs have a way to do that.
Maybe not. The update at the end of the article indicates that this problem exists all the way back to Windows XP. So it’s likely that Windows 7 is vulnerable too.
Thanks for the information.
For those of us who STILL haven’t memorized all the flags for Dark Operating System commands, here is a handy reference page.
https://kb.wisc.edu/helpdesk/page.php?id=903#menu
Does it corrupt Microsoft Edge?
Disk corruption can and will mess up anything at all, including Edge. But I don’t get the impression, reading the article, that the corruption focuses on any given application. The flaw that triggers the problem has been part of Windows/NTFS for over a decade, so it long pre-dates any thought of Edge.
Thanks
She is the only one that uses that computer, so I just assumed she had Administrator privileges. But when I entered that command, this shows up...access denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode.
I'm stymied for the moment. Any ideas as to how to gain those privileges?
If "Home", you'll need to login as "Owner" or whatever they call the first user under Win10 Home. I'm pretty sure "Owner" is an Administrator.
If "Pro", you can start the Command Prompt with a right-click and "Run-As" and tell it to start as an Administrator.
(Maybe in Home you can right-click and do a "Run-As". I don't have a Home setup to test that on.)
That's all I can think of offhand, let me know what you learn from the above.